Fig 5 - uploaded by Obinna Igbe
ROC curve for different multiplier values. The TPR axis has been zoomed in to enable the visualization of some overlapping lines.

Source publication
Conference Paper
The Distributed Network Protocol v3.0 (DNP3) is one of the most widely used protocols for smart grid communications. Security challenges which could cause great scale of damages to critical infrastructure like the smart grid have emerged in recent years. This paper investigates the attacks that target smart grids which utilize the DNP3 protocol, an...

Context in source publication

Context 1
... the multiplier value) to create multiple copies of the same instance. The DCA is more of a signal processing algorithm than a classifier, hence, the entire 861 instances are fed into the system without their class labels (un-supervised learning) or initial training. Table I summarizes the receiver operating It can be seen from both Table I and Fig. 5 that as the multiplier value increases, the TPR also increases. This increase is caused by the reduction in antigen deficiency, as more antigens of the same type can now be sampled by diverse DCA cells which help in signal correlation. The difficulty or constraint here is that as the multiplier value is increased, the processing time ...

Similar publications

Conference Paper
As one of the most common and aggressive means, denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks cause serious impact on computing systems and networks. This paper presents a system for detecting DoS attacks in a network using the dendritic cell algorithm (DCA). The proposed system classifies incoming network traffic into ei...
Article
The latest advancement in the technology, including the integration of the renewable energy resources, has become a recent trend in the power system infrastructure. Although this can bring many benefits, excessive integration without proper planning may lead to unwanted circumstances such as voltage instability and higher power losses. This paper...
Article
A demand response management (DRM) system is proposed here, in which a service provider determines a mutual optimal solution for the utility and the customers in a microgrid setting. Such a system may find use with a service provider interacting with the respective customers and utilities under the existence of some DRM agreements. The service prov...
Article
Genetic Algorithms (GA) have proven their reliability to obtain near optimum for complex problems. However, to optimize solutions and prevent premature convergence, operators on the GA were highly dependent on large population sizes, causing the computational speed to be slower than newer algorithms. Therefore, in this study, we propose a way to caus...
Preprint
As manufacturing industry is moving towards the fourth industrial revolution, there is an increasing need for smart maintenance systems which could provide manufacturers a competitive advantage by predicting failures. Despite various efforts by researchers, there are still challenges for these systems to work reliably in industry such as lack of ad...

Citations

... DCA mimics the antigen presentation process of DCs to perform the fusion of real-valued input data and correlates those combined data with the data class to form a binary classifier. As an excellent prototype for developing Machine Learning, DCA has been widely applied in classification [3,4], intrusion detection [5][6][7][8], spam filtering [9], distributed and parallel operations [10], earthquake prediction [11], anomaly detection [12,13], cyber-attack detection in smart grid [14], and industrial prognosis [15]. Table 1 lists the application domains and effectiveness of DCA. ...
... [12,13] Anomaly detection Make the DCA applicable to 2D data streams and diversify the range of applications substantially. [14] Smart grid cyber-attack detection ...
Article
The dendritic cell algorithm (DCA) is an excellent prototype for developing Machine Learning inspired by the function of the powerful natural immune system. Too many parameters increase complexity and lead to plenty of criticism in the signal fusion procedure of DCA. The loss function of DCA is ambiguous due to its complexity. To reduce the uncertainty, several researchers simplified the algorithm program; some introduced gradient descent to optimize parameters; some utilized searching methods to find the optimal parameter combination. However, these studies are either time-consuming or need to be revised in the case of non-convex functions. To overcome the problems, this study models the parameter optimization into a black-box optimization problem without knowing the information about its loss function. This study hybridizes Bayesian optimization hyperband (BOHB) with DCA to propose a novel DCA version, BHDCA, for accomplishing parameter optimization in the signal fusion process. The BHDCA utilizes the Bayesian optimization (BO) of BOHB to find promising parameter configurations and applies the hyperband of BOHB to allocate the suitable budget for each potential configuration. The experimental results show that the proposed algorithm has significant advantages over the other DCA expansion algorithms in terms of signal fusion.
... In this direction, [177] uses two different datasets considering a variable number of nodes. The first [178] focuses on the ModBus protocol [179] and the second [180] on the DNP3 protocol [181]. Both these datasets are offered in the form of pcap files. ...
Preprint
The evolution of cybersecurity is undoubtedly associated and intertwined with the development and improvement of artificial intelligence (AI). As a key tool for realizing more cybersecure ecosystems, Intrusion Detection Systems (IDSs) have evolved tremendously in recent years by integrating machine learning (ML) techniques for the detection of increasingly sophisticated cybersecurity attacks hidden in big data. However, these approaches have traditionally been based on centralized learning architectures, in which data from end nodes are shared with data centers for analysis. Recently, the application of federated learning (FL) in this context has attracted great interest to come up with collaborative intrusion detection approaches where data does not need to be shared. Due to the recent rise of this field, this work presents a complete, contemporary taxonomy for FL-enabled IDS approaches that stems from a comprehensive survey of the literature in the time span from 2018 to 2022. Precisely, our discussion includes an analysis of the main ML models, datasets, aggregation functions, as well as implementation libraries, which are employed by the proposed FL-enabled IDS approaches. On top of everything else, we provide a critical view of the current state of the research around this topic, and describe the main challenges and future directions based on the analysis of the literature and our own experience in this area.
... For protocols bgp, dhcp, ntp, smb, and smb2, we use traces collected from network security competitions [8], public reference traces [1], [4], [6], [10] and the NetPlier test suite [5]. For dnp3 and modbus we use captures from security researchers and network security competitions [1], [36]. For mavlink, we use a trace from a software-in-the-loop (SITL) drone simulator [3]. ...
... The author used a deterministic version of the "Dendritic Cell Algorithm (DCA)", which is an Artificial Immune System (AIS)-based algorithm. And tested the same on the artificially created dataset implementing various attacks, based on DNP3 [5]. ...
... Abid et al. [18] proposed a new layered real NSA (LRNSA) to improve fault detection accuracy and reduce online detection time. Moreover, the deterministic dendritic cell algorithm (dDCA) [19] was proposed to reduce the original DCA number. The artificial macrophage algorithm (AMA) [20] is an immune computation-inspired classification algorithm based on the functioning of natural immune macrophages. ...
... Low accuracy FB-NSA [17], LRNSA [18], DCA [28], dDCA [19], hdDCA [7], AMA [20] researchers have used these approaches for anomaly detection. In [13], a kernel PCA for anomaly detection was proposed, which extracts principal components of data distributions from a feature space of infinite dimension, where the reconstruction error relative to the principal subspace measures the anomalies. ...
... However, the original DCA has a large number of parameters, which influences its performance. Igbe et al. [19] proposed a revised dDCA, which was implemented for anomaly detection. In [7], Zhou et al. proposed a Haskell-based deterministic DCA (hdDCA) to predict the magnitude of earthquakes in Sichuan and nearby regions with magnitudes greater than 4.5 in the coming month. ...
Article
Anomaly detection is a significant issue that has attracted considerable research. The artificial immune system offers strong pattern recognition ability, adaptability and dynamic characteristics; therefore, it has been extensively used for anomaly detection. However, the boundary between normal and abnormal data patterns is difficult to define, which reduces the anomaly detection precisions of artificial immune approaches. Biological macrophages have a strong ability to identify various abnormalities, therefore, this study proposes a novel numerical differentiation-based artificial macrophage detection model (NDAMM) for anomaly detection. In particular, numerical differentiation is introduced in signal extraction, which can perceive signal changes more clearly and perform signal mapping. Furthermore, we design an artificial macrophage algorithm to determine weights based on input data and identify abnormalities using a signal fusion process. Finally, the proposed approach is implemented in anomaly detection. Through implementations on 20 anomaly detection datasets, the results of these experiments demonstrate that the NDAMM surpasses state-of-the-art anomaly detection methodologies. Ablation studies, parametric analysis, and statistical analysis are used to validate the effectiveness of our model.
... The solution is validated in a simulated factory floor with a distributed scenario (three AGVs operating simultaneously). Finally, related to the Electric Power Industry, Igbe et al. [102] (P05) propose an IDS in industrial communication scenarios based on the dDCA. In this case, the authors used the DNP3 protocol and proposed a dataset for a Smart Grid scenario to validate the solution. ...
... of protecting a system by detecting attacks against it, usually by using anomaly-based techniques. Pinto et al. [98] (P01), Pinto et al. [113] (P16), Pinto et al. [144] (P48), and Igbe et al. [102] (P05) propose network-based IDS (NIDS), i.e., the detection is performed based on the network data analysis, in order to detect network attacks. On the other hand, Clotet et al. [114] (P17), Degeler et al. [112] (P15) and Pinto et al. [56] (P47) propose host-based IDS (HIDS), i.e., detection focuses on attacks targeting physical components at the industrial process level, by analysing host data. ...
... In this SLR, four publications tackled network-related issues, namely NIDS [98,102,113,144] (P01, P16, P05 and P48), focusing only on the security aspects of the network infrastructure. This research work is not enough to impact this AMS goal. ...
Article
In recent years, the application of Advanced Manufacturing Technologies (AMT) in industrial processes represents the introduction of different Advanced Manufacturing Systems (AMS), which encourage enterprises to improve their core competitiveness and maintain sustainable development when facing the increasing demand for personalized product customization. More recently, AMT led to a new Internet revolution, mostly known as 4th Industrial Revolution. Considering the development and deployment of Artificial Intelligence to enable smart and self-behaving industrial systems, autonomic approaches allow the system to adapt itself, eliminating the need for human intervention for management. This paper presents a systematic literature review regarding Artificial Immune Systems (AIS) approaches to tackle multiple AMS problems requiring levels of autonomy. First, a systematic review of current industrial AIS applications in manufacturing environments is presented. Then, a conceptual framework is proposed to bridge the gap between research in the AIS field and the manufacturing industry while discussing key challenges and opportunities to be addressed by future research. This study aims to build a body of knowledge for researchers and manufacturers regarding AIS solutions under Advanced Manufacturing while suggesting directions for understanding the requirements for designing and managing autonomic industry applications supported by AIS.
... Distributed Denial of Service (DDoS) attacks aim to make a machine or network resources unavailable. For instance, the goal is to temporarily or indefinitely interrupt or suspend services of the target where it is connected to the network [22]. ...
Thesis
This bachelor thesis focuses on the analysis and development of techniques for detecting anomalies in the application layer of network traffic within the industrial environment, more specifically in the detection of anomalies in the protocol called Distribution Network Protocol (DNP3). One of the main objectives of cyber attackers is related to power grid systems. These infrastructures are capable of supplying energy to a city or even an entire country. Hence, they are critical facilities for the population and must be secured against any security breaches. To approach this objective, the thesis presents an architecture that transforms the network traffic stored in a specific file format into a format that is easier to manage and visualise. In addition, this thesis provides a classification system by elaborating different Machine Learning algorithms with the purpose of choosing the best model that detects anomalies regarding this network protocol.
... The DCA classifier was successfully applied to a wide range of real-world applications, including cyber-attack detection, classification and anomaly detection [11][12][13], but DCA still suffers from low accuracy and detection rate due to the fact that the lack of regulating, learning and memory mechanisms of innate immune system which results in DCA's large number of random parameters are set according to expert knowledge. Over the past few years, many researchers have developed different works to extend the standard DCA version. ...
Article
The study of innate immune-based algorithms is an important research domain in Artificial Immune System (AIS), such as Dendritic Cell Algorithm (DCA), Toll-Like Receptor algorithm (TLRA). The parameters in these algorithms usually require either manually pre-defined usually provided by the immunologists, or empirically derived from the training dataset, and result in poor self-adaptation and self-learning. The fundamental reason is that the original innate immune mechanisms lack adaptive biological theory. To solve this problem, a theory called ‘Trained Immunity’ or ‘Innate Immune Memory (IIM)’ that thinks innate immunity can also build immunological memory to enhance the immune system’s learning and adaptive reactions to the second stimulus is introduced into AIS to improve the innate immune algorithms’ adaptability. In this study, we present an overview of IIM with particular emphasis on analogies in the AIS world, and a modified DCA with an effective automated tuning mechanism based on IIM (IIM-DCA) to optimize migration threshold of DCA. The migration threshold of Dendritic Cells (DCs) determines the lifespan of the antigen collected by DCs, and directly affects the detection speed and accuracy of DCA. Experiments on real datasets show that our proposed IIM-DCA which integrates Innate Immune Memory mechanism delivers more accurate results.
... It mimics the antigen presentation process of dendritic cells (DCs) in biological immune system, and traverses the tissue to obtain evidence of damage (signals) and potential objects (antigens) that may cause damage, so as to identify dangerous antigens. For DCA has the characteristics of fast recognition and does not require training data, it has been widely implemented in ping scan detection [32], malware detection [25], denial of service attack detection [22], securing the internet of things [16], smart grid cyber attack detection [23], earthquake prediction [38], etc. The performance of DCA depends crucially on the parameters used to compute the relationship ...
Article
Anomaly detection is an important issue, which has been deeply studied in different research domains and application fields. The dendritic cell algorithm (DCA) is one of the most popular artificial immune system inspired approaches to handle anomaly detection problems. The performance of DCA depends significantly on the parameters used to compute the relationship between input instance and detectors. However, we find that while the DCA’s performance is good in practical applications, it is difficult to analyze due to the empirical based parameters and lacks adaptability. This paper studies how to effectively learn appropriate parameters for deterministic DCA (dDCA) for anomaly detection tasks. In particular, we propose a novel immune optimization based dDCA (IO-dDCA) for anomaly detection. It consists of dDCA classification, T cell (TC) classification, gradient descent optimization and immune nonlinear dynamic optimization. First, the dDCA is regarded as a binary classifier, and the data instances which are labeled as normal will be classified by a T cell inspired classification method, so as to improve the classification performance of dDCA. Then, to improve dDCA’s adaptability, gradient descent is adopted for dDCA parameters’ optimization. Finally, the immune nonlinear model is introduced to adjust learning rate in gradient descent to find the optimal parameters. The theoretical and experimental performance analysis of IO-dDCA show effectiveness of the novel approach through simulations, and the experimental results show that the proposed IO-dDCA has good classification accuracy.
... There are two labels, 1 and 0. A label 1 recognizes that instance as a malicious class, and a label 0 recognizes that the instance is a legitimate class. The second dataset was downloaded from GitHub, uploaded by researchers Igbe et al. [2017], who used it for research in Snort rule generation. Obinna dataset consists of 862 instances, each one with 35 features. ...
Article
One of the most challenging aspects of a rule-based network intrusion detection system is the high false-positive rate, which makes it unreliable. This research study has developed a new hybrid system based on two-stage intrusion detectors in series to lower the system's high false-positive rate. At first, the rule-based system identifies incoming network packets as intrusion packets or normal packets. The trained machine learning model with feature reduction technique assists the classifiers in classifying the incoming packets as intrusion or normal. For the rule-based system, "Snort" is used, and for the second stage, a classification decision tree is used. A Genetic Algorithm (GA) technique is used for feature selection purposes. The final decision about intrusions is based on the prediction of both the learning systems. The experimental results show that this approach successfully reduces the false positive and false negative rates and increases rule-based NIDS accuracy.