Special Offers
- IGI Global’s New Emerging Topic e-Book Collections
  Acquire highly focused and affordable Cutting-Edge Peer-Reviewed Research Content through a selection of 17 topic-focused e-Book Collections discounted up to 90%, compared to list prices. Collection topics include Artificial Intelligence, Data Science, Language Learning, Marketing and Customer Relations, Sustainability, and many more. Hosted on the InfoSci^® platform, these collections feature no DRM, no additional cost for multi-user licensing, no embargo of content, full-text PDF & HTML format, and more.
  Learn More
- Open Access Book (Free Access) - Encyclopedia of Information Science and Technology, Sixth Edition (ISBN: 9781668473665)
  The Encyclopedia of Information Science and Technology, Sixth Edition) continues the legacy set forth by the first five editions by providing comprehensive coverage and up-to-date definitions of the most important issues, concepts, and trends pertaining to technological advancements and information management within a variety of settings and industries. The entire book is being published under open access.
  Read Now
- Open Access Book (Free Access) - Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries (ISBN: 9781668456293)
  Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries provides information on the recent technology, mitigation, and environmental protection that must be applied for food sustainability in developing countries. This book is being published under Platinum Open Access through funding from Diponegoro University, Indonesia.
  Read Now
- Open Access Book (Free Access) - New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY (ISBN: 9781668438091)
  The Walmart Corporation and the Lumina Foundation have provided funding to make New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY fully open access, completely removing any paywall between scholars in education and the latest research on new models for the future of higher education.
  Read Now
- Open Access Book (Free Access) - Handbook of Research on the Global View of Open Access and Scholarly Communications (ISBN: 9781799898054)
  Through a collaboration between IGI Global and the University of North Texas, the Handbook of Research on the Global View of Open Access and Scholarly Communications has been published as fully open access, completely removing any paywall between researchers of any field, and the latest research on the equitable and inclusive nature of Open Access and all of its complications.
  Read Now
Books
- - Books by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Books by Field
Journals
- - Journals
  - OnDemand Journal Articles
  - Journals by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Journals by Field
e-Collections
OnDemand
Open Access
- View All Open Access Opportunities
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Find an Open Access Journal for Your Next Manuscript
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Submit an Open Access Book Proposal
  Learn more about open access book publishing and how it can propel your research forward in the field.
  Convert Your Work to Open Access
  Already published? You can convert your work to open access to increase its impact through IGI Global’s Restrospective Open Access Program.
  Utilize Open Access Collection Database
  Open up your research potential by utilizing our open access content or integrating the open access collection into your library
  Consider Open Access Agreements
  For Libraries: consider no-cost or investment-level open access agreements with IGI Global to support your faculty's research endeavors.
  Search Funding Resources
  Looking for additional funding resources to support your open accesss endeavors? View industry resources compiled by our open access team.
  Review Open Access Policies & Ethical Guidelines
  Considering IGI Global to publish your work under open access? Review IGI Global’s open access policies and ethical guidelines
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - FAQ
Catalogs
About Us

Deep Learning for Cyber Security Risk Assessment in IIoT Systems

Mirjana D. Stojanović, Jasna D. Marković-Petrović

Source Title: Encyclopedia of Data Science and Machine Learning

DOI: 10.4018/978-1-7998-9220-5.ch127

OnDemand:

(Individual Chapters)

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

This article addresses cyber security risk assessment in industrial internet of things (IIoT) networks, and particularly the continuous risk assessment (CRA) process, which assumes real-time, dynamic risk evaluation based on the run-time data. IIoT cyber security risks, threats, and attacks are briefly presented. Requirements for cyber security risk assessment of industrial control systems as well as applicability of machine learning for that purpose are considered. The architectural view of the CRA process in the IIoT environment is presented and discussed. Possibilities of deep learning approaches to achieve CRA in IIoT systems are explored. Deep learning can be integrated into edge-computing-based systems and used for feature extraction and risk classification from massive raw data. Several research works are presented and briefly discussed. The article ends with emphasizing the future research directions and concluding remarks.

Chapter Preview

Top

Background

This section briefly reviews the theoretical background for cyber security risk assessment in the industrial IoT environment. Since identification of risks, threats and attacks precedes risk assessment process, the first part is dedicated to classification of cyber security risks, threats and attacks that are specific for IIoT systems. The second part surveys cyber security risk assessment of industrial systems in terms of actual standards, security principles and priorities, as well as classification of risk assessment methods. The final part discusses general use of machine learning for security and engineering risk assessment.

IIoT Cyber Security Risks, Threats and Attacks

In addition to performance degradation, successful cyber attacks on IIoT system may have permanent or temporary impact on human health and lives, the environment and assets. The main security risks include the lack of authentication and security in sensors and other cyber-physical devices; insecure gateways through which data is transmitted to the cloud; cloud security issues and insecure communication protocols. Successful attacks may cause a number of operational issues such as equipment damage, unforeseen operational concerns, endangered personal safety and regulatory issues (Stojanović & Boštjančič Rakas, 2020).

Several recent studies have provided classification and description of the cyber security threats and attacks against IIoT systems. Sajid, Abbas, and Saleem (2016) identify the most specific threats to supervisory control and data acquisition (SCADA) systems in IoT-cloud environments as follows: advanced persistent threats (APT), lack of data integrity protection, man-in-the-middle (MITM) attacks, identity theft, eavesdropping, replay attacks, as well as different forms of denial of service (DoS) attacks. Leander, Čaušević, and Hansson (2019) apply a threat model based on the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service and Elevation of privilege) method, which was originally introduced by Microsoft. They demonstrate the model on three typical scenarios related to the flow-control loop from the perspective of an industrial automation and control system (IACS). Tsiknas, Taketzis, Demertzis, and Skianis (2021) classify the IIoT threats in five generic categories: phishing attacks, ransomware, protocol, supply chain, and system attacks. Such a classification enables understanding of the security risks and the associated countermeasures in the IIoT environment.

Berger, Burger, and Roglinger (2020) propose three-layer taxonomy of attacks on the IIoT, where each layer is associated with appropriate dimensions and characteristics. Thus, the method of operation layer identifies the entry points and methods used to perform an attack. This layer classifies attacks according to the technique, mechanism, executability and focus. The target layer classifies attacks according to the vulnerability and IIoT level. Finally, the impact layer characterizes effects of the successful attack in the sense of consequence and scope. Table 1 briefly summarizes previously described approaches.

Table 1.

Taxonomies of IIoT cyber security risks, threats and attacks

Source	Category	Taxonomy	Main characteristics
Stojanović and Boštjančič Rakas (2020)	Cyber security risks	• Lack of authentication and security in cyber-physical devices • Insecure gateways • Cloud security issues • Insecure communication protocols	General classification that facilitates identification of IIoT operational issues in the case of successful attacks
Sajid et al. (2016)	Cyber security threats	• APT • Lack of data integrity protection • MITM attacks • Identity theft • Eavesdropping • Replay attacks • Different forms of DoS	Intended for IoT-based SCADA systems
Leander et al. (2019)	Cyber security threats	• STRIDE model	Intended for IACS
Tsiknas et al. (2021)	Cyber security threats	Five-category model: • Phishing attacks • Ransomware • Protocol • Supply chain • System attacks	Generic model suitable for definition of countermeasures
Berger et al. (2020)	Cyber security attacks	Three-layer model: • Method of operation layer • Target layer • Impact layer	Multi-layer taxonomy that facilitates identification of similarities and differences between attacks on the IIoT

Key Terms in this Chapter

Continuous Risk Assessment (CRA): Risk assessment process that is performed dynamically, on an ongoing basis.

Industrial Control System (ICS): A general term that refers to the interconnected equipment used to monitor and control physical equipment and processes in industrial environments.

Classification Accuracy: In the context of machine learning, a metric that represents the rate of correct classifications.

Asset: Any element of an information system that possesses a value.

Cyber Security Threat: An event that can take advantage of system’s vulnerability and cause a negative impact on it.

Return on Security Investment (ROSI): Risk metric, which calculates the loss avoided through preventive investments in security.

Deep Neural Network (DNN): A neural network with multiple hidden layers, which use sophisticated mathematical modeling to process data in a complex way.

Security Information and Event Management (SIEM): A software solution that collects security data from various network devices and performs data analytics and correlation of the corresponding security events.

Cyber Security Risk: Exposure to harm or loss resulting from data breaches or attacks on information and communication systems.

Cyber Security Attack: Any action that targets information systems, computer networks, infrastructures, or personal computer devices, with the intent to cause damage.

Complete Chapter List

Search this Book:

Reset

MLA

APA

Chicago

Export Reference