Abstract
The economy, security and sustainability of a state are inseparably linked to the security of its critical infrastructure. Critical infrastructures are the goods, systems or subsystems that are essential to maintaining the vital functions of society, health, physical protection, security, and the economic and social well-being of citizens. The digital security of critical infrastructures is a very important priority for the well-being of every country, especially nowadays, both because of the direct threats arising from the current international situation and because of the emerging interactions and interconnections between national critical infrastructures across borders. The aim of this research is the development and testing of an intelligent anomaly detection algorithm that runs very fast on a small portion of the available data while performing as well as existing approaches. Such a system must be characterized by high efficiency and very fast execution. To this end, we present the Gryphon advanced intelligence system. Gryphon is a Semi-Supervised Unary Anomaly Detection System for big industrial data that employs an evolving Spiking Neural Network (eSNN) One-Class Classifier (eSNN-OCC). This machine learning algorithm is a model capable of detecting, very quickly and efficiently, the divergent behaviors and abnormalities associated with the cyberattacks known as Advanced Persistent Threat (APT). The training process is performed on data related to the normal function of a critical infrastructure.
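A minimal sketch of the idea in the abstract: a rank-order eSNN that learns from normal readings only and flags a sample when none of its neurons fires. This is an added example, not the authors' Gryphon implementation; the hyperparameters, the firing-threshold decision rule and the normalised (pressure, flow) readings are assumptions constructed for illustration.

```python
import math

# Assumed hyperparameters (not from the paper): receptive fields per feature,
# field width, rank-order modulation factor, merge radius, firing fraction.
FIELDS, SIGMA, MOD, SIM, C = 6, 0.2, 0.7, 0.6, 0.8

def rank_order(sample):
    """Population-encode features in [0, 1]; return each input's spike rank."""
    times = []
    for x in sample:
        for j in range(FIELDS):
            mu = j / (FIELDS - 1)  # centre of the j-th Gaussian receptive field
            times.append(1.0 - math.exp(-((x - mu) ** 2) / (2 * SIGMA ** 2)))
    order = sorted(range(len(times)), key=times.__getitem__)  # earliest first
    ranks = [0] * len(times)
    for r, idx in enumerate(order):
        ranks[idx] = r
    return ranks

def train(normal_samples):
    """One-pass eSNN learning on normal data only; returns the repository."""
    repo = []  # neuron: weights, maximum potential, number of merged samples
    for s in normal_samples:
        w = [MOD ** r for r in rank_order(s)]
        umax = sum(wi * wi for wi in w)  # potential when s itself is replayed
        near = min(repo, key=lambda nrn: math.dist(nrn["w"], w), default=None)
        if near is not None and math.dist(near["w"], w) < SIM:
            n = near["n"]  # similar neuron exists: evolve it by averaging
            near["w"] = [(a * n + b) / (n + 1) for a, b in zip(near["w"], w)]
            near["umax"] = (near["umax"] * n + umax) / (n + 1)
            near["n"] = n + 1
        else:
            repo.append({"w": w, "umax": umax, "n": 1})
    return repo

def score(repo, sample):
    """Highest potential reached by any neuron, relative to its maximum."""
    ranks = rank_order(sample)
    return max(sum(wi * MOD ** r for wi, r in zip(n["w"], ranks)) / n["umax"]
               for n in repo)

def is_anomaly(repo, sample):
    """Flag the sample when no neuron trained on normal behaviour fires."""
    return score(repo, sample) < C

# Constructed, normalised (pressure, flow) readings from two normal regimes.
NORMAL = [(0.45, 0.63), (0.44, 0.62), (0.46, 0.64),
          (0.25, 0.83), (0.26, 0.82), (0.45, 0.66)]
REPO = train(NORMAL)
```

With these readings the six training samples collapse into two neurons, one per operating regime; `is_anomaly(REPO, (0.93, 0.08))` is true because the spike order of that reading matches neither.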
Ethics declarations
Conflict of interest
The authors certify that they have NO affiliations with or involvement in any organization or entity with any financial interest (such as honoraria; educational grants; participation in speakers’ bureaus; membership, employment, consultancies, stock ownership, or other equity interest; and expert testimony or patent-licensing arrangements), or non-financial interest (such as personal or professional relationships, affiliations, knowledge or beliefs) in the subject matter or materials discussed in this manuscript.
About this article
Cite this article
Demertzis, K., Iliadis, L. & Bougoudis, I. Gryphon: a semi-supervised anomaly detection system based on one-class evolving spiking neural network. Neural Comput & Applic 32, 4303–4314 (2020). https://doi.org/10.1007/s00521-019-04363-x
DOI: https://doi.org/10.1007/s00521-019-04363-x