A machine-learning-based approach to build zero-false-positive IPSs for industrial IoT and CPS with a case study on power grids security

Mohammad Sayad Haghighi*, Faezeh Farivar, Alireza Jolfaei

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

11 Citations (Scopus)

Abstract

Intrusion prevention systems have long been the first layer of defense against malicious attacks. Most sensitive systems employ instances of them (e.g., Firewalls) to secure the network perimeter and filter out attacks or unwanted traffic. A firewall, similar to classifiers, has a boundary to decide which traffic sample is normal and which one is not. This boundary is defined by configuration and is managed by a set of rules that occasionally might also filter the normal traffic by mistake. However, for some applications, any interruption of the normal operation is not tolerable, e.g., in power plants, water distribution systems, gas or oil pipelines, etc. In this article, we design a learning firewall that receives labeled samples and configures itself automatically by writing preventive rules in a conservative way that avoids false alarms.We design a new family of classifiers, called z-classifiers, that unlike the traditional ones that merely target accuracy, rely on zero false positive as the metric for decision making. First, we analytically show why naive modification of current classifiers like support vector machine does not yield acceptable results, and then, propose a generic iterative algorithm to accomplish this goal. We use the proposed classifier with CART at its heart to build a firewall for a power grid monitoring system.To further evaluate the algorithm, we additionally test it on KDD CUP'99 dataset. The results confirm the effectiveness of our approach.

Original languageEnglish
Pages (from-to)920-928
Number of pages9
JournalIEEE Transactions on Industry Applications
Volume60
Issue number1
DOIs
Publication statusPublished - 2024

Fingerprint

Dive into the research topics of 'A machine-learning-based approach to build zero-false-positive IPSs for industrial IoT and CPS with a case study on power grids security'. Together they form a unique fingerprint.

Cite this