TY - GEN
T1 - Adaptive intrusion detection system for cyber-manufacturing system
AU - Prasad, Romesh
AU - Moon, Young
N1 - Publisher Copyright:
Copyright © 2021 by ASME.
PY - 2021
Y1 - 2021
N2 - While Cyber-Manufacturing System security must involve three separate yet interrelated processes (prediction, detection, and prevention), the detection process is the focus of research presented in this paper. Current intrusion detection systems often result in high false positive and false negative rates. Also, the actual detection time may take long time—up to several months. The current intrusion detection systems rely heavily on the network data, but do not utilize the physical data such as side channel, sensor reading, image, keystrokes., which are generated during manufacturing processes. An adaptive intrusion detection system composed of two security layers is proposed to detect cyber-physical intrusions. Model-free deep reinforcement learning is used in the two security layers: the network layer and the physical layer. The capability of reinforcement learning through trial and error and a course of actions based on observations in an environment makes it more robust to the continuously changing attack vectors in current manufacturing industry. The proposed intrusion detection system demonstrates that it can reduce the false positive rate and generate alerts to a wide range of attack patterns.
AB - While Cyber-Manufacturing System security must involve three separate yet interrelated processes (prediction, detection, and prevention), the detection process is the focus of research presented in this paper. Current intrusion detection systems often result in high false positive and false negative rates. Also, the actual detection time may take long time—up to several months. The current intrusion detection systems rely heavily on the network data, but do not utilize the physical data such as side channel, sensor reading, image, keystrokes., which are generated during manufacturing processes. An adaptive intrusion detection system composed of two security layers is proposed to detect cyber-physical intrusions. Model-free deep reinforcement learning is used in the two security layers: the network layer and the physical layer. The capability of reinforcement learning through trial and error and a course of actions based on observations in an environment makes it more robust to the continuously changing attack vectors in current manufacturing industry. The proposed intrusion detection system demonstrates that it can reduce the false positive rate and generate alerts to a wide range of attack patterns.
KW - Cyber-manufacturing system (CMS)
KW - Intrusion detection system (IDS)
KW - Reinforcement learning (RL)
UR - http://www.scopus.com/inward/record.url?scp=85124423054&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85124423054&partnerID=8YFLogxK
U2 - 10.1115/IMECE2021-70017
DO - 10.1115/IMECE2021-70017
M3 - Conference contribution
AN - SCOPUS:85124423054
T3 - ASME International Mechanical Engineering Congress and Exposition, Proceedings (IMECE)
BT - Advanced Manufacturing
PB - American Society of Mechanical Engineers (ASME)
T2 - ASME 2021 International Mechanical Engineering Congress and Exposition, IMECE 2021
Y2 - 1 November 2021 through 5 November 2021
ER -