Learning Representations of Network Traffic Using Deep Neural Networks for Network Anomaly Detection: A Perspective towards Oil and Gas IT Infrastructures

Published on Nov 16, 2020 in Symmetry (2.454) · DOI: 10.3390/SYM12111882
Sheraz Naseer (Estimated H-index: 8), Rao Faizan Ali (Estimated H-index: 6), + 1 author, Yasir Saleem (Estimated H-index: 16)
Abstract
Oil and Gas organizations are dependent on their IT infrastructure, which is a small part of their industrial automation infrastructure, to function effectively. The industrial automation infrastructure landscape of oil and gas (O&G) organizations is complex. To perform focused and effective studies, industrial systems infrastructure is divided into functional levels by the Instrumentation, Systems and Automation Society (ISA) Standard ANSI/ISA-95:2005. This research focuses on the ISA-95:2005 level-4 IT infrastructure to address the network anomaly detection problem for ensuring the security and reliability of Oil and Gas resource planning, process planning and operations management. Anomaly detectors try to recognize patterns of anomalous behavior in network traffic, and their performance is heavily dependent on the extraction time and quality of the network traffic features or representations used to train the detector. Creating efficient representations from large volumes of network traffic to develop anomaly detection models is a time- and resource-intensive task. In this study we propose, implement and evaluate the use of deep learning to learn effective network data representations from raw network traffic to develop data-driven anomaly detection systems. The proposed methodology provides an automated and cost-effective replacement for feature extraction, which is otherwise a time- and resource-intensive task for developing data-driven anomaly detectors. The ISCX-2012 dataset is used to represent ISA-95 level-4 network traffic because the O&G network traffic at this level is not much different from normal internet traffic. We trained four representation learning models using popular deep neural network architectures to extract deep representations from ISCX 2012 traffic flows. A total of sixty anomaly detectors were trained by the authors using twelve conventional Machine Learning algorithms to compare the performance of the aforementioned deep representations with that of a human-engineered handcrafted network data representation. The comparisons were performed using well-known model evaluation parameters. Results showed that deep representations are a promising feature engineering replacement to develop anomaly detection models for IT infrastructure security. In our future research, we intend to investigate the effectiveness of deep representations, extracted using ISA-95:2005 Level 2-3 traffic comprising SCADA systems, for anomaly detection in critical O&G systems.
References (40)
Purpose - Oil and gas organizations considered as the backbone of every country’s economy. Information security attacks on these organizations have been increased rapidly in the last decade. Oil and gas organizations often invest in technical solutions to mitigate information security risks. Whereas, most information security attacks occur due to internal employees’ negligence towards information security policy. This paper based on the pilot study to analyze appropriate information security governan...

#1 Rao Faizan Ali (H-Index: 6)
#2 P. D. D. Dominic (H-Index: 13)
Last. Kashif Ali (H-Index: 1)
Information security attacks on oil and gas (O&G) organizations have increased since the last decade. From 2015 to 2019, almost 70 percent of O&G organizations faced at least one significant security breach worldwide. Research has shown that 43 percent of security attacks on O&G organizations occur due to the non-compliant behavior of O&G employees towards information security policy. The existing literature provides multiple solutions for technical security controls of O&G organizations. Howeve...

#1 Hongfang Lu (SWPU: Southwest Petroleum University) (H-Index: 13)
#2 Lijun Guo (H-Index: 3)
Last. Kun Huang (SWPU: Southwest Petroleum University) (H-Index: 10)
Abstract Recently, with the development of “Industry 4.0”, “Oil and Gas 4.0” has also been put on the agenda in the past two years. Some companies and experts believe that “Oil and Gas 4.0” can completely change the status quo of the oil and gas industry, which can bring huge benefits because it accelerates the digitization and intelligentization of the oil and gas industry. However, the “Oil and Gas 4.0” is still in its infancy. Therefore, this paper systematically introduces the concept and co...

#1 Wen Si (H-Index: 1)
#2 Jianghai Li (H-Index: 2)
Last. Xiaojin Huang (H-Index: 3)
Anomaly detection is significant in the cyber security of industrial control systems. Unsupervised learning neural networks approach is applicable for the anomaly detection of industrial control systems. The large amount of network packets produced from systems every time are a suitable source for training data acquisition. However, the packets contain many layers following different protocols. Thus, extracting effective features from packets will make sense. First the structure of a network pack...

#1 Hongfang Lu (La. Tech: Louisiana Tech University) (H-Index: 13)
#2 Kun Huang (SWPU: Southwest Petroleum University) (H-Index: 10)
Last. Lijun Guo (H-Index: 3)
Blockchain technology has been developed for more than ten years and has become a trend in various industries. As the oil and gas industry is gradually shifting toward intelligence and digitalization, many large oil and gas companies were working on blockchain technology in the past two years because it can significantly improve the management level, efficiency, and data security of the oil and gas industry. This paper aims to let more people in the oil and gas industry understand the blockch...

#2 Benni Purnama (H-Index: 3)
Last. Rahmat Budiarto (Al Baha University) (H-Index: 13)
Data analysis to identify attacks/anomalies is a crucial task in anomaly detection and network anomaly detection itself is an important issue in network security. Researchers have developed methods and algorithms for the improvement of the anomaly detection system. At the same time, survey papers on anomaly detection researches are available. Nevertheless, this paper attempts to analyze further and to provide alternative taxonomy on anomaly detection researches focusing on methods, types of an...

#1 Sheraz Naseer (University of Engineering and Technology, Lahore) (H-Index: 8)
#2 Yasir Saleem (University of Engineering and Technology, Lahore) (H-Index: 16)
Last. Kijun Han (KNU: Kyungpook National University) (H-Index: 25)
Due to the monumental growth of Internet applications in the last decade, the need for security of information network has increased manifolds. As a primary defense of network infrastructure, an intrusion detection system is expected to adapt to dynamically changing threat landscape. Many supervised and unsupervised techniques have been devised by researchers from the discipline of machine learning and data mining to achieve reliable detection of anomalies. Deep learning is an area of machine le...

Multiple attributes from IP flows are combined to detect anomalous events. GA metaheuristic used for Digital Signature of Network Segment using Flow Analysis. Unsupervised training technique applied efficiently for network traffic profiling. Fuzzy Logic improved accuracy and false positives compared to state of art. Due to the sheer number of applications that uses computer networks, in which some are crucial to users and enterprises, network management is essential. Therefore, integrity and availa...

Oct 30, 2017 in CCS (Computer and Communications Security)
#1 Min Du (UofU: University of Utah) (H-Index: 12)
#2 Feifei Li (UofU: University of Utah) (H-Index: 43)
Last. Vivek Srikumar (UofU: University of Utah) (H-Index: 23)
Anomaly detection is a critical step towards building a secure and trustworthy system. The primary purpose of a system log is to record system states and significant events at various critical points to help debug system failures and perform root cause analysis. Such log data is universally available in nearly all computer systems. Log data is an important and valuable resource for understanding system status and performance issues; therefore, the various system logs are naturally excellent sour...

Cited By (5)
#1 Sheraz Naseer (University of Management and Technology, Lahore) (H-Index: 8)
#2 Rao Faizan Ali (UTP: Universiti Teknologi Petronas) (H-Index: 2)
Last. P. D. D. Dominic (UTP: Universiti Teknologi Petronas) (H-Index: 13)
Lysine glutarylation is a post-translation modification which plays an important regulatory role in a variety of physiological and enzymatic processes including mitochondrial functions and metaboli...

#1 Sheraz Naseer (University of Management and Technology, Lahore) (H-Index: 8)
#2 Rao Faizan Ali (UTP: Universiti Teknologi Petronas) (H-Index: 2)
Last. Amgad Muneer (UTP: Universiti Teknologi Petronas) (H-Index: 5)
In biological systems, Nitration is a crucial post-translational modification which occurs on various amino acids. Nitration of Tyrosine is regarded as nitrosative stress biomarker resulting in the formation of peroxynitrite and other reactive and harmful nitrogen species. NitroTyrosine is closely related to Carcinogenesis, tumor growth progression and other major pathological conditions including systemic autoimmune diseases, inflammation, neurodegeneration and cardiovascular disorders. Additio...

#1 Rao Faizan Ali (H-Index: 6)
#2 P. D. D. Dominic (H-Index: 13)
Last. Abid Sohail (H-Index: 4)

#1 Sheraz Naseer (H-Index: 8)
#2 Rao Faizan Ali (H-Index: 6)
Last. Suliman Mohamed Fati (H-Index: 7)
Amidation is an important post translational modification where a peptide ends with an amide group (–NH2) rather than carboxyl group (–COOH). These amidated peptides are less sensitive to proteolytic degradation with extended half-life in the bloodstream. Amides are used in different industries like pharmaceuticals, natural products, and biologically active compounds. The in-vivo, ex-vivo, and in-vitro identification of amidation sites is a costly and time-consuming but important task to study t...

#1 Ke Dong (H-Index: 1)
#2 Rao Faizan Ali (H-Index: 6)
Last. Syed Emad Azhar Ali (H-Index: 6)
The advancement of information communication technology in healthcare institutions has increased information security breaches. Scholars and industry practitioners have reported that most security breaches are due to negligence towards organizational information security policy compliance (ISPC) by healthcare employees such as nurses. There is, however, a lack of understanding of the factors that ensure ISPC among nurses, especially in developing countries such as Malaysia. This paper develops a...