Simplicity over Complexity: An ARN-Based Intrusion Detection Method for Industrial Control Network
Ziyi Liu, Dengpan Ye, Changsong Yang, Yong Ding, Yueling Liu, Long Tang, Chuanxi Chen
TL;DR
This paper tackles intrusion detection in industrial control networks (ICN), where traffic is large-scale, high-dimensional, and temporally correlated. It introduces the associative recurrent network (ARN), which uses a one-way single attention (S-ATT) mechanism to learn the relationship between past hidden states and current inputs, thereby avoiding the gate conflicts seen in GRU and improving temporal representation. The authors provide a theoretical complexity analysis showing that ARN has $O(n^2)$ time complexity, comparable to GRU, and use a prototype implementation to demonstrate state-of-the-art performance on the SWaT and UNSW-NB15 datasets, with accuracies of 95.48% and 97.61% respectively. The work indicates practical impact for real-time ICN defense, while acknowledging limitations such as potential loss of distant past information and outlining future directions including security-forecasting capabilities for ICN.
Abstract
Industrial control networks (ICN) are characterized by real-time responsiveness and reliability, and play a key role in increasing production speed, enabling rational and efficient processing, and managing the production process. Despite these tremendous advantages, ICN inevitably faces challenges such as malicious user intrusion and hacker attacks. To detect malicious intrusions in ICN, intrusion detection systems have been deployed. However, network traffic data in ICN is large-scale, irregular, multi-featured, temporally correlated and high-dimensional, which greatly affects efficiency and performance. To address these problems, we design a new intrusion detection method for ICN. Specifically, we first design a novel neural network model called the associative recurrent network (ARN), which can properly handle the relationship between the hidden state of the past moment and the information of the current moment. Then, we adopt ARN to design a new intrusion detection method that can efficiently and accurately detect malicious intrusions in ICN. Subsequently, we demonstrate the high efficiency of our proposed method through theoretical computational complexity analysis. Finally, we develop a prototype implementation to evaluate the accuracy. The experimental results prove that our proposed method has state-of-the-art performance on both the ICN dataset SWaT and the conventional network traffic dataset UNSW-NB15. The accuracies on the SWaT dataset and the UNSW-NB15 dataset reach 95.48% and 97.61%, respectively.
