Biblio

Supervisory control and data acquisition (SCADA) systems are used with monitoring and control purposes for the process not to fail in industrial control systems. Today, the increase in the use of standard protocols, hardware, and software in the SCADA systems that can connect to the internet and institutional networks causes these systems to become a target for more cyber-attacks. Intrusion detection systems are used to reduce or minimize cyber-attack threats. The use of deep learning-based intrusion detection systems also increases in parallel with the increase in the amount of data in the SCADA systems. The unsupervised feature learning present in the deep learning approaches enables the learning of important features within the large datasets. The features learned in an unsupervised way by using deep learning techniques are used in order to classify the data as normal or abnormal. Architectures such as convolutional neural network (CNN), Autoencoder (AE), deep belief network (DBN), and long short-term memory network (LSTM) are used to learn the features of SCADA data. These architectures use softmax function, extreme learning machine (ELM), deep belief networks, and multilayer perceptron (MLP) in the classification process. In this study, anomaly-based intrusion detection systems consisting of convolutional neural network, autoencoder, deep belief network, long short-term memory network, or various combinations of these methods on the SCADA networks in the literature were analyzed and the positive and negative aspects of these approaches were explained through their attack detection performances.

To add more functionality and enhance usability of web applications, JavaScript (JS) is frequently used. Even with many advantages and usefulness of JS, an annoying fact is that many recent cyberattacks such as drive-by-download attacks exploit vulnerability of JS codes. In general, malicious JS codes are not easy to detect, because they sneakily exploit vulnerabilities of browsers and plugin software, and attack visitors of a web site unknowingly. To protect users from such threads, the development of an accurate detection system for malicious JS is soliciting. Conventional approaches often employ signature and heuristic-based methods, which are prone to suffer from zero-day attacks, i.e., causing many false negatives and/or false positives. For this problem, this paper adopts a machine-learning approach to feature learning called Doc2Vec, which is a neural network model that can learn context information of texts. The extracted features are given to a classifier model (e.g., SVM and neural networks) and it judges the maliciousness of a JS code. In the performance evaluation, we use the D3M Dataset (Drive-by-Download Data by Marionette) for malicious JS codes and JSUPACK for benign ones for both training and test purposes. We then compare the performance to other feature learning methods. Our experimental results show that the proposed Doc2Vec features provide better accuracy and fast classification in malicious JS code detection compared to conventional approaches.

This paper presents a novel feature learning model for cyber security tasks. We propose to use Auto-encoders (AEs), as a generative model, to learn latent representation of different feature sets. We show how well the AE is capable of automatically learning a reasonable notion of semantic similarity among input features. Specifically, the AE accepts a feature vector, obtained from cyber security phenomena, and extracts a code vector that captures the semantic similarity between the feature vectors. This similarity is embedded in an abstract latent representation. Because the AE is trained in an unsupervised fashion, the main part of this success comes from appropriate original feature set that is used in this paper. It can also provide more discriminative features in contrast to other feature engineering approaches. Furthermore, the scheme can reduce the dimensionality of the features thereby signicantly minimising the memory requirements. We selected two different cyber security tasks: networkbased anomaly intrusion detection and Malware classication. We have analysed the proposed scheme with various classifiers using publicly available datasets for network anomaly intrusion detection and malware classifications. Several appropriate evaluation metrics show improvement compared to prior results.