Regular Paper

CAGCN: Centrality-Aware Graph Convolution Network for Anomaly Detection in Industrial Control Systems

National Network New Media Engineering Research Center, Institute of Acoustics, Chinese Academy of Sciences, Beijing 100190, China
School of Electronic, Electrical and Communication Engineering, University of Chinese Academy of Sciences, Beijing 100049, China

Abstract

In industrial control systems, deep learning based methods have improved anomaly detection. However, most current methods ignore the associations among the inner components of an industrial control system. An anomalous component may affect its neighboring components; therefore, the connective relationship between components can help detect anomalies effectively. In this paper, we propose a centrality-aware graph convolution network (CAGCN) for anomaly detection in industrial control systems. Unlike the traditional graph convolution network (GCN) model, we utilize the concept of centrality to enhance the ability of graph convolution networks to deal with the inner relationships in industrial control systems. Our experiments show that, compared with GCN, our CAGCN is better able to utilize this relationship between components in industrial control systems. The performance of the model is evaluated on the Secure Water Treatment (SWaT) dataset and the Water Distribution (WADI) dataset, the two most common industrial control system datasets in the field of industrial anomaly detection. The experimental results show that our CAGCN achieves better precision, recall, and F1 score than the state-of-the-art methods.

Electronic Supplementary Material

Download File(s)
JCST-2201-12149-Highlights.pdf (161.7 KB)

Journal of Computer Science and Technology
Pages 967-983
Cite this article:
Yang J, Sheng Y-Q, Wang J-L, et al. CAGCN: Centrality-Aware Graph Convolution Network for Anomaly Detection in Industrial Control Systems. Journal of Computer Science and Technology, 2024, 39(4): 967-983. https://doi.org/10.1007/s11390-022-2149-y


Received: 07 January 2022
Accepted: 08 September 2022
Published: 20 September 2024
© Institute of Computing Technology, Chinese Academy of Sciences 2024