Machine Learning for Securing Industrial Networks

01 December 2019


The next industrial revolution, dubbed Industry 4.0, is underway. It holds the promise of greater automation and productivity, but it also introduces new security risks and threats to Industrial Control Systems from unsecured devices and machines. Connected devices suffer from vulnerabilities that have often been exploited, as in the recent Mirai botnets, to launch crippling distributed denial of service (DDoS) attacks on critical infrastructure. As traditional host-centric IT security solutions are not well suited to such a highly vulnerable environment of constrained devices, we propose the use of novel network-centric approaches based on unsupervised machine learning using Autoencoders and Principal Component Analysis (PCA). We show that these approaches can be very effective in real-time detection of various types of Denial of Service attacks, ranging from layer 3 attacks to application layer attacks. At the same time, they can also effectively identify compromised endpoints, thus allowing the use of mechanisms such as Software Defined Networking (SDN) to block attack traffic close to the source. We also show that such unsupervised machine learning security approaches are easier to instrument and are more effective in detecting new and unseen attacks compared to supervised machine learning methods such as Support Vector Machines (SVM).