Time is of the Essence: Machine Learning-based Intrusion Detection in Industrial Time Series Data
This work addresses security for industrial IoT systems, which lack built-in protections, but it is incremental as it compares existing methods on new data without introducing novel techniques.
The paper tackled intrusion detection in industrial time series data by evaluating three algorithms on emulated network data with labeled attacks, finding that Matrix Profiles performed well with minimal parameterization, Seasonal ARIMA performed well in noisy conditions but required more effort, and LSTM neural networks had mediocre performance with high training and parameterization requirements.
The Industrial Internet of Things drastically increases connectivity of devices in industrial applications. In addition to the benefits in efficiency, scalability and ease of use, this creates novel attack surfaces. Historically, industrial networks and protocols do not contain means of security, such as authentication and encryption, that are made necessary by this development. Thus, industrial IT-security is needed. In this work, emulated industrial network data is transformed into a time series and analysed with three different algorithms. The data contains labeled attacks, so the performance can be evaluated. Matrix Profiles perform well with almost no parameterisation needed. Seasonal Autoregressive Integrated Moving Average performs well in the presence of noise, requiring parameterisation effort. Long Short Term Memory-based neural networks perform mediocre while requiring a high training- and parameterisation effort.