Time is of the Essence: Machine Learning-based Intrusion Detection in Industrial Time Series Data

TL;DR

This paper evaluates machine learning algorithms for intrusion detection in industrial time series data, highlighting Matrix Profiles as effective with minimal parameter tuning, while LSTM neural networks are less efficient.

Contribution

It compares three algorithms for intrusion detection in industrial time series, emphasizing the practicality of Matrix Profiles for real-world applications.

Findings

Matrix Profiles perform well with minimal parameterization.

Seasonal ARIMA handles noisy data effectively.

LSTM neural networks show mediocre performance and high complexity.

Abstract

The Industrial Internet of Things drastically increases connectivity of devices in industrial applications. In addition to the benefits in efficiency, scalability and ease of use, this creates novel attack surfaces. Historically, industrial networks and protocols do not contain means of security, such as authentication and encryption, that are made necessary by this development. Thus, industrial IT-security is needed. In this work, emulated industrial network data is transformed into a time series and analysed with three different algorithms. The data contains labeled attacks, so the performance can be evaluated. Matrix Profiles perform well with almost no parameterisation needed. Seasonal Autoregressive Integrated Moving Average performs well in the presence of noise, requiring parameterisation effort. Long Short Term Memory-based neural networks perform mediocre while requiring a high training- and parameterisation effort.