Biblio
Filters: Author is Hossain, Md Delwar [Clear All Filters]
.
2022. Unsupervised Anomaly Detection in RS-485 Traffic using Autoencoders with Unobtrusive Measurement. 2022 IEEE International Performance, Computing, and Communications Conference (IPCCC). :17—23.
Remotely connected devices have been adopted in several industrial control systems (ICS) recently due to the advancement in the Industrial Internet of Things (IIoT). This led to new security vulnerabilities because of the expansion of the attack surface. Moreover, cybersecurity incidents in critical infrastructures are increasing. In the ICS, RS-485 cables are widely used in its network for serial communication between each component. However, almost 30 years ago, most of the industrial network protocols implemented over RS-485 such as Modbus were designed without security features. Therefore, anomaly detection is required in industrial control networks to secure communication in the systems. The goal of this paper is to study unsupervised anomaly detection in RS-485 traffic using autoencoders. Five threat scenarios in the physical layer of the industrial control network are proposed. The novelty of our method is that RS-485 traffic is collected indirectly by an analog-to-digital converter. In the experiments, multilayer perceptron (MLP), 1D convolutional, Long Short-Term Memory (LSTM) autoencoders are trained to detect anomalies. The results show that three autoencoders effectively detect anomalous traffic with F1-scores of 0.963, 0.949, and 0.928 respectively. Due to the indirect traffic collection, our method can be practically applied in the industrial control network.
.
2020. Long Short-Term Memory-Based Intrusion Detection System for In-Vehicle Controller Area Network Bus. 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC). :10–17.
The Controller Area Network (CAN) bus system works inside connected cars as a central system for communication between electronic control units (ECUs). Despite its central importance, the CAN does not support an authentication mechanism, i.e., CAN messages are broadcast without basic security features. As a result, it is easy for attackers to launch attacks at the CAN bus network system. Attackers can compromise the CAN bus system in several ways: denial of service, fuzzing, spoofing, etc. It is imperative to devise methodologies to protect modern cars against the aforementioned attacks. In this paper, we propose a Long Short-Term Memory (LSTM)-based Intrusion Detection System (IDS) to detect and mitigate the CAN bus network attacks. We first inject attacks at the CAN bus system in a car that we have at our disposal to generate the attack dataset, which we use to test and train our model. Our results demonstrate that our classifier is efficient in detecting the CAN attacks. We achieved a detection accuracy of 99.9949%.