A Survey on Network Intrusion Detection Using Deep Generative Networks for Cyber-Physical Systems

Srikanth Yadav M., Kalpana R.
Copyright: © 2021 | Pages: 23
DOI: 10.4018/978-1-7998-5101-1.ch007

Abstract

In the present computing world, network intrusion detection systems play a vital part in detecting malicious activities, and enormous attention has been given to deep learning for several years. During the past few years, cyber-physical systems (CPSs) have become ubiquitous in modern critical infrastructure and industrial applications. Safety is therefore a primary concern. Because of the success of deep learning (DL) in several domains, DL-based CPS security applications have been developed in the last few years. However, despite the wide range of efforts to use DL to ensure safety for CPSs, the major challenges in front of the research community are developing an efficient and reliable IDS that is capable of handling a large amount of data and analyzing the changing behavioral patterns of attacks in real time. The work presented in this manuscript reviews the various deep learning generative methodologies and their performance in detecting anomalies in CPSs. The metrics accuracy, precision, recall, and F1-score are used to measure the performance.
Chapter Preview

Introduction

In the present computing world, the volume of data is increasing rapidly, and the role of computers in managing and maintaining the integrity of networks is quickly expanding in domains such as social networks, e-commerce, and health care. Human activity in these domains is also growing, which leads to more internal intrusions within the network. The role of the Intrusion Detection System (IDS) is to protect networks from attacks by both external and internal intruders. An IDS (P. Anderson, 1980) is either software or hardware used to monitor the activities of computer networks. The IDS protects the network from threats by analyzing patterns in captured data packets. These threats can be overwhelming; for example, Denial of Service (DoS) attacks deny genuine users access to resources by generating unwanted traffic (Mitchell & Chen, 2014). In contrast, malware or Trojans are hidden programs installed by attackers to interrupt network systems (Kettani & Cannistra, 2018). Many IDS exist in the contemporary digital era, but most of them suffer from a high false alarm rate. This is one of the challenges to be handled in designing an efficient IDS. One more significant issue to be resolved is reducing the load on the administrator by usefully classifying unlabelled records, that is, assigning class labels to them. Another difficulty of some existing IDS is their inability to recognize unknown attacks, because these IDS depend on the signatures of known attacks.

An active IDS can be designed by using various machine learning techniques. Machine learning classification schemes are used to separate regular traffic from abnormal traffic. The machine learning model is developed by training on the NSL-KDD dataset (Farahnakian & Heikkonen, 2018) to forecast an attack using classification schemes. Many machine learning approaches have been productively implemented as classifiers in IDS, but these approaches have several flaws, such as a high false alarm rate (FAR) and low throughput.

Cyber-physical systems (CPS) can be described as modern systems with integrated computational and physical capabilities that can communicate with humans in new ways. Such technologies have an immense effect on several sectors, such as environmental management, smart transport, manufacturing, smart grid, smart house, smart infrastructure, and smart healthcare. All of these domains are network-dependent because they involve remote transmission of data from sensors to actuators through the control center. Communication over a large network renders the devices fragile and creates a huge attack surface for adversaries.

The Internet of Things (IoT), one of the core sub-domains of CPS, has taken major technical developments to a whole new stage where data is the driving power. In tandem with actuators, motors, cameras, applications, and networking, IoT has opened up a new layer to facilitate communication, processing, and data sharing. Although generally acknowledged, almost 85 percent of IoT systems remain susceptible to a large variety of cyberattacks. They are vulnerable to different forms of threats, such as man-in-the-middle, data and identity theft, distributed denial of service (DDoS), computer hijacking, etc. To protect vital structures from intruders, rigorous monitoring procedures to identify all types of intruders must be taken into consideration.

The IDS is responsible for monitoring network activity and device data for unauthorized behaviors and for providing warnings; it is the first and foremost component of the security policy in the CPS environment. Clear awareness of the precise place and time at which particular anomalies produce hazards in the environment helps to minimize impacts by taking suitable measures, and this is where intrusion management mechanisms come into the picture. The intrusion prevention system operates alongside the intrusion detection system to prevent the intruder from doing further harm to the network.

Machine learning-based IDS can find anomalies in the system with considerable accuracy. Even though emerging IT and CPS trends such as Industry 4.0, IoT, Big Data, and Cloud Computing add more momentum, they introduce many bugs, too. Also, the novel architectural compositions bring sophistication to the pattern due to unknown emergent behavior. An individual IDS needs to be built to observe their relationship with this complex system, but insufficient data limits model training. Besides, most of these datasets are unbalanced: the different types of attack data are not available on a large scale compared to the normal data.

Key Terms in this Chapter

Recurrent Neural Networks: A recurrent neural network is a type of ANN commonly used in speech recognition and natural language processing.

Deep Generative Networks: Deep generative modeling is the use of artificial intelligence, statistics, and probability in applications to produce a representation or abstraction of observed phenomena or target variables that can be calculated from observations.

Intrusion Detection: An intrusion detection system is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. While anomaly detection and reporting is the primary function.

NIDS: A network-based intrusion detection system is used to examine and investigate network traffic to defend a system from network-based intrusions.

Auto-Encoder: An autoencoder is a particular type of unsupervised ANN that provides compression and other functionality in the field of machine learning.

Convolution Neural Networks: A convolution neural network is a kind of ANN used in image recognition and processing of image data.

Deep Learning: Deep learning is a collection of algorithms used in machine learning to model high-level abstractions in data through the use of model architectures.
