Detecting Cyberattacks in Industrial Control Systems Using Online Learning Algorithms

arXiv.org Machine Learning

Industrial control systems are critical to the operation of industrial facilities, especially for critical infrastructures, such as refineries, power grids, and transportation systems. Similar to other information systems, a significant threat to industrial control systems is the attack from cyberspace: the offensive maneuvers launched by "anonymous" in the digital world that target computer-based assets with the goal of compromising a system's functions or probing for information. Owing to the importance of industrial control systems, and the possibly devastating consequences of being attacked, significant endeavors have been attempted to secure industrial control systems from cyberattacks. Among them are intrusion detection systems that serve as the first line of defense by monitoring and reporting potentially malicious activities. Classical machine-learning-based intrusion detection methods usually generate prediction models by learning modest-sized training samples all at once. Such an approach is not always applicable to industrial control systems, as industrial control systems must process continuous control commands with limited computational resources in a nonstop way. To satisfy such requirements, we propose using online learning to learn prediction models from the controlling data stream. We introduce several state-of-the-art online learning algorithms categorically, and illustrate their efficacies on two typically used testbeds: power system and gas pipeline. Further, we explore a new cost-sensitive online learning algorithm to solve the class-imbalance problem that is pervasive in industrial intrusion detection systems. Our experimental results indicate that the proposed algorithm can achieve an overall improvement in the detection rate of cyberattacks in industrial control systems.


Artificial Intelligence and Computational Law: Democratizing Cybersecurity Stanford Law School

#artificialintelligence

A few years ago, I was invited to Minnesota Public Radio to speak about various legal issues related to cybersecurity. To my left was Bruce Schneier, a famous and respected cybersecurity researcher and prolific author. There wasn't much disagreement between us during the interview, though I recall emphasizing a bit more the FTC's cybersecurity efforts, noting that I thought they were doing a pretty good job in the current regulatory vacuum, building a de-facto common law as they went along. In his latest book, "Click Here to Kill Everybody," Schneier argues, among other things, that there is a systemic lack of security in all things computer (something he calls "Internet+", essentially an extension of IoT) and that what is needed to fix this is government intervention. Schneier's call for intervention comes in the form of a new government agency, one that has the ability to "coordinate and advise with other agencies" on the Internet+.


Geeks win millions for teaching computers to battle each other

Daily Mail - Science & tech

A software program dubbed 'Mayhem' was poised to win the final round of a three-year contest to teach computers to launch and defend against cyber attacks, earning a $2 million prize for the team that wrote the winning code. The event, known as the Cyber Grand Challenge, concluded Thursday evening in a Las Vegas convention centre ballroom after a digital battle among software programs running on seven supercomputers on a stage in a Las Vegas ballroom. Thousands watched as announcers presented a play-by-play account of the competition. For almost 10 hours, competitors played the classic cybersecurity exercise of Capture the Flag in a specially created computer testbed laden with an array of bugs hidden inside custom, never-before-analyzed software.


A Machine Learning Model for Detecting Malware Outbreaks Using Only a Single Malware Sample

#artificialintelligence

Machine learning (ML) has become an important part of the modern cybersecurity landscape, where massive amounts of threat data need to be gathered and processed to provide security solutions the ability to swiftly and accurately detect and analyze new and unique malware variants without requiring extensive resources. Some machine learning algorithms are typically trained on a large dataset. Malware outbreaks pose a challenge for machine learning in security since samples are scarce during the critical first hours. In our research paper entitled "Generative Malware Outbreak Detection," we demonstrated how machine learning technology for security solutions can identify a malware variant not only from large quantities of malware samples but also from only a small handful of observable variants. But how effective is machine learning if the only information available is from a single sample?


Using data science to improve public policy

#artificialintelligence

This interdisciplinary event teamed data science, engineering, and policy students to explore solutions to real societal challenges submitted by sponsor organizations. The hackathon, subtitled "Data to Decisions," was organized and run by students from MIT's Institute for Data, Systems, and Society (IDSS). Participants used datasets provided by nonprofit, education, and government institutions to pitch solutions to complex challenges in cybersecurity, health, energy and climate, transportation, and the future of work. A panel of judges evaluated the pitches and read final policy proposals. "It's a different type of hackathon in that it is focused on public policy outcomes," says Amy Umaretiya, a student organizer with IDSS's Master's program in Technology and Policy (TPP).