https://www.mdu.se/

Publications (10 of 29)
Punnekkat, S., Markovic, T., Leon, M., Leander, B., Dehlaghi-Ghadim, A. & Strandberg, P. E. (2024). InSecTT Technologies for the Enhancement of Industrial Security and Safety. In: Studies in Computational Intelligence (pp. 83-104). Springer Science and Business Media Deutschland GmbH, 1147
2024 (English). In: Studies in Computational Intelligence, Springer Science and Business Media Deutschland GmbH, 2024, Vol. 1147, p. 83-104. Chapter in book (Other academic)
Abstract [en]

The recent advances in digitalization, improved connectivity and cloud based services are making a huge revolution in manufacturing domain. In spite of the huge potential benefits in productivity, these trends also bring in some concerns related to safety and security to the traditionally closed industrial operation scenarios. This paper presents a high-level view of some of the research results and technological contributions of the InSecTT Project for meeting safety/security goals. These technology contributions are expected to support both the design and operational phases in the production life cycle. Specifically, our contributions span (a) enforcing stricter but flexible access control, (b) evaluation of machine learning techniques for intrusion detection, (c) generation of realistic process control and network oriented datasets with injected anomalies and (d) performing safety and security analysis on automated guided vehicle platoons.

Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH, 2024
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-68165 (URN); 10.1007/978-3-031-54049-3_5 (DOI); 2-s2.0-85200487605 (Scopus ID)
Available from: 2024-08-14. Created: 2024-08-14. Last updated: 2024-08-14. Bibliographically approved
Lidholm, P., Markovic, T., Leon, M. & Strandberg, P. E. (2024). Network Intrusion Detection using Machine Learning on Resource-Constrained Edge Devices. In: Proceedings of the International Joint Conference on Neural Networks. Paper presented at 2024 International Joint Conference on Neural Networks, IJCNN 2024, Yokohama. 30 June 2024 through 5 July 2024. Code 202527. Institute of Electrical and Electronics Engineers Inc.
2024 (English). In: Proceedings of the International Joint Conference on Neural Networks, Institute of Electrical and Electronics Engineers Inc., 2024. Conference paper, Published paper (Refereed)
Abstract [en]

The rapid growth of the Internet has led to the evolution of sophisticated security threats that exploit vulnerabilities within networks. The defence mechanisms must quickly adapt to these new threats to ensure that networks stay secure. One possible mechanism is to use Machine Learning (ML) algorithms to detect malicious activities. The edge devices that control and manage the network, such as routers, already have access to the data that is flowing through the network and may utilize their own computational resources to host ML algorithms and use them to detect intrusions. This paper presents a system for network intrusion detection which is deployed to an edge device and evaluated for live binary classification of network traffic. Different ML algorithms (Decision Tree, Random Forest, and Artificial Neural Network) are evaluated on existing datasets (Westermo and CIC-IDS-2017). Flow-based data pre-processing is performed and different labeling strategies and flow durations are used and compared. The most effective version of each algorithm is implemented and deployed on the Westermo Lynx-3510 routing-capable network switch and system performance is assessed across various scenarios with simulated network attacks. The experiments showed that Random Forest is the best option, closely followed by Decision Tree.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2024
Keywords
Edge Computing, Embedded System, Intrusion Detection, Machine Learning, Adversarial machine learning, Defence mechanisms, Embedded-system, Intrusion-Detection, Machine learning algorithms, Machine-learning, Network intrusion detection, Random forests, Rapid growth, Security threats, Network intrusion
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-68653 (URN); 10.1109/IJCNN60899.2024.10650425 (DOI); 2-s2.0-85204954421 (Scopus ID); 9798350359312 (ISBN)
Conference
2024 International Joint Conference on Neural Networks, IJCNN 2024, Yokohama. 30 June 2024 through 5 July 2024. Code 202527
Available from: 2024-10-10. Created: 2024-10-10. Last updated: 2024-10-10. Bibliographically approved
Markovic, T., Leon, M., Buffoni, D. & Punnekkat, S. (2024). Random forest with differential privacy in federated learning framework for network attack detection and classification. Applied intelligence (Boston)
2024 (English). In: Applied intelligence (Boston), ISSN 0924-669X, E-ISSN 1573-7497. Article in journal (Refereed). Published
Abstract [en]

Communication networks are crucial components of the underlying digital infrastructure in any smart city setup. The increasing usage of computer networks brings additional cyber security concerns, and every organization has to implement preventive measures to protect valuable data and business processes. Due to the inherent distributed nature of the city infrastructures as well as the critical nature of its resources and data, any solution to the attack detection calls for distributed, efficient and privacy preserving solutions. In this paper, we extend the evaluation of our federated learning framework for network attacks detection and classification based on random forest. Previously the framework was evaluated only for attack detection using four well-known intrusion detection datasets (KDD, NSL-KDD, UNSW-NB15, and CIC-IDS-2017). In this paper, we extend the evaluation for attack classification. We also evaluate how adding differential privacy into random forest, as an additional protective mechanism, affects the framework performances. The results show that the framework outperforms the average performance of independent random forests on clients for both attack detection and classification. Adding differential privacy penalizes the performance of random forest, as expected, but the use of the proposed framework still brings benefits in comparison to the use of independent local models. The code used in this paper is publicly available, to enable transparency and facilitate reproducibility within the research community.

Place, publisher, year, edition, pages
SPRINGER, 2024
Keywords
Attack detection, Attack classification, Random forest, Federated learning, Differential privacy
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-67999 (URN); 10.1007/s10489-024-05589-6 (DOI); 001251526600001 (); 2-s2.0-85196625216 (Scopus ID)
Available from: 2024-07-03. Created: 2024-07-03. Last updated: 2024-07-10. Bibliographically approved
Markovic, T., Leon, M., Leander, B. & Punnekkat, S. (2023). A Modular Ice Cream Factory Dataset on Anomalies in Sensors to Support Machine Learning Research in Manufacturing Systems. IEEE Access, 11, 29744-29758
2023 (English). In: IEEE Access, E-ISSN 2169-3536, Vol. 11, p. 29744-29758. Article in journal (Refereed). Published
Abstract [en]

A small deviation in manufacturing systems can cause huge economic losses, and all components and sensors in the system must be continuously monitored to provide an immediate response. The usual industrial practice is rather simplistic based on brute force checking of a limited set of parameters often with pessimistic pre-defined bounds. The usage of appropriate machine learning techniques can be very valuable in this context to narrow down the set of parameters to monitor, define more refined bounds, and forecast impending issues. One of the factors hampering progress in this field is the lack of datasets that can realistically mimic the behaviours of manufacturing systems. In this paper, we propose a new dataset called MIDAS (Modular Ice cream factory Dataset on Anomalies in Sensors) to support machine learning research in analog sensor data. MIDAS is created using a modular manufacturing simulation environment that simulates the ice cream-making process. Using MIDAS, we evaluated four different supervised machine learning algorithms (Logistic Regression, Decision Tree, Random Forest, and Multilayer Perceptron) for two different problems: anomaly detection and anomaly classification. The results showed that multilayer perceptron is the most suitable algorithm with respect to model accuracy and execution time. We have made the data set and the code for the experiments publicly available, to enable interested researchers to enhance the state of the art by conducting further studies.

Place, publisher, year, edition, pages
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 2023
Keywords
Sensors, Temperature sensors, Anomaly detection, Mixers, Manufacturing systems, Behavioral sciences, Cooling, Artificial neural networks, Machine learning, Supervised learning, Anomaly classification, artificial neural network, manufacturing dataset, sensor data
National Category
Computer Sciences
Identifiers
urn:nbn:se:mdh:diva-62361 (URN); 10.1109/ACCESS.2023.3252901 (DOI); 000965953800001 (); 2-s2.0-85149838041 (Scopus ID)
Available from: 2023-05-03. Created: 2023-05-03. Last updated: 2023-05-03. Bibliographically approved
Leander, B., Markovic, T. & Leon, M. (2023). Enhanced Simulation Environment to Support Research in Modular Manufacturing Systems. In: IECON Proc. Paper presented at IECON Proceedings (Industrial Electronics Conference). IEEE Computer Society
2023 (English). In: IECON Proc, IEEE Computer Society, 2023. Conference paper, Published paper (Refereed)
Abstract [en]

Modular automation provides a challenge for traditional physics simulators, especially if they are used as a simulator in the loop of a development or research project looking at behavior from a systems level. In this paper, we present extensions of a previously developed simulation environment that is tailored to provide these characteristics. The extensions include simulation engine level improvements, such as including better modeling of the material flow, and sensor anomaly injections to model sensor faults or tampering, as well as system-level enhancements and functionality including certificate handling and anomaly detection methods using machine learning. This simulation environment has proven useful for education as well as research and engineering work, and with the provided extensions several new directions of use can be envisioned. The system is demonstrated in the use case of a modular ice-cream factory, including all the new and enhanced functionalities.

Place, publisher, year, edition, pages
IEEE Computer Society, 2023
Keywords
Anomaly detection, Engineering research, Materials handling, Anomaly detection methods, Engineering works, Machine-learning, Material Flow, Model sensors, Modulars, Sensors faults, Simulation engine, Simulation environment, System levels, Industrial research
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-65151 (URN); 10.1109/IECON51785.2023.10311913 (DOI); 2-s2.0-85179184526 (Scopus ID); 9798350331820 (ISBN)
Conference
IECON Proceedings (Industrial Electronics Conference)
Available from: 2023-12-21. Created: 2023-12-21. Last updated: 2023-12-21. Bibliographically approved
Dehlaghi Ghadim, A., Markovic, T., Leon, M., Söderman, D. & Strandberg, P. E. (2023). Federated Learning for Network Anomaly Detection in a Distributed Industrial Environment. In: Proceedings - 22nd IEEE International Conference on Machine Learning and Applications, ICMLA 2023. Paper presented at 22nd IEEE International Conference on Machine Learning and Applications, ICMLA 2023, Jacksonville, 15 December 2023 through 17 December 2023 (pp. 218-225). Institute of Electrical and Electronics Engineers Inc.
2023 (English). In: Proceedings - 22nd IEEE International Conference on Machine Learning and Applications, ICMLA 2023, Institute of Electrical and Electronics Engineers Inc., 2023, p. 218-225. Conference paper, Published paper (Refereed)
Abstract [en]

Industrial control systems have been targeted by numerous cyber attacks over the past few decades which cause different problems related to data privacy, financial losses and operational failures. One potential approach to detect these attacks is by analyzing network data using machine learning and employing network anomaly detection techniques. However, the nature of these systems often involves their geographical dispersion across multiple zones, which poses a challenge in applying local machine learning methods for detecting anomalies. Additionally, there are instances where sharing complete operational data between different zones is restricted due to security concerns. As a result, a promising solution emerges by implementing a federated model for anomaly detection in these systems. In this study, we investigate the application of machine learning techniques for anomaly detection in network data, considering centralized, local, and federated approaches. We implemented the local and centralized methods using several simple machine-learning techniques and observed that Random Forest and Artificial Neural Networks exhibited superior performance compared to other methods. As a result, we extended our analysis to develop a federated version of Random Forest and Artificial Neural Network. Our findings reveal that the federated model surpasses the performance of the local models, and achieves comparable or even superior results compared to the centralized model, while it ensures data privacy and maintains the confidentiality of sensitive information.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
Artificial Neural Network, Federated Learning, Machine Learning, Network Anomaly Detection, Random Forest
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-66501 (URN); 10.1109/ICMLA58977.2023.00038 (DOI); 2-s2.0-85190154174 (Scopus ID); 9798350345346 (ISBN)
Conference
22nd IEEE International Conference on Machine Learning and Applications, ICMLA 2023, Jacksonville, 15 December 2023 through 17 December 2023
Note

Conference paper; Export Date: 24 April 2024; Cited By: 0; Conference name: 22nd IEEE International Conference on Machine Learning and Applications, ICMLA 2023; Conference date: 15 December 2023 through 17 December 2023; Conference code: 198226

Available from: 2024-04-24. Created: 2024-04-24. Last updated: 2024-04-24. Bibliographically approved
Leon, M., Markovic, T. & Punnekkat, S. (2023). Multi-Objective Optimization on Autoencoder for Feature Encoding and Attack Detection on Network Data. In: GECCO Companion - Proc. Genet. Evol. Comput. Conf. Companion. Paper presented at GECCO 2023 Companion - Proceedings of the 2023 Genetic and Evolutionary Computation Conference Companion (pp. 379-382). Association for Computing Machinery, Inc
2023 (English). In: GECCO Companion - Proc. Genet. Evol. Comput. Conf. Companion, Association for Computing Machinery, Inc, 2023, p. 379-382. Conference paper, Published paper (Refereed)
Abstract [en]

There is a growing number of network attacks and the data on the network is more exposed than ever with the increased activity on the Internet. Applying Machine Learning (ML) techniques for cyber-security is a popular and effective approach to address this problem. However, the data which is used by ML algorithms has to be protected. In this paper, we present a framework that combines autoencoder, multi-objective optimization algorithms, and different ML algorithms to encode the network data, reduce its size, and detect and classify the network attacks. The novel element used in this framework, with respect to earlier research, is the application of multi-objective optimization algorithms, such as Multi-Objective Differential Evolution or Non-dominated Sorting Genetic Algorithm-II, to handle the different objectives in the fitness function of the autoencoder (autoencoder decoding error and accuracy of ML algorithm). We evaluated six different ML algorithms for attack detection and classification on network dataset UNSWNB15. The performance of the proposed framework is compared with single-objective Differential Evolution. The results showed that Multi-Objective Differential Evolution outperforms the counterparts for attack detection, while all the evaluated algorithms showed similar performance for attack classification.

Place, publisher, year, edition, pages
Association for Computing Machinery, Inc, 2023
Keywords
cybersecurity, differential evolution, genetic algorithm, machine learning, multi-objective optimization, Classification (of information), Computer crime, Encoding (symbols), Multiobjective optimization, Network coding, Attack detection, Auto encoders, Cyber security, Machine learning algorithms, Machine-learning, Multi-objectives optimization, Network attack, Network data, Optimization algorithms, Genetic algorithms
National Category
Computer Sciences
Identifiers
urn:nbn:se:mdh:diva-64176 (URN); 10.1145/3583133.3590600 (DOI); 001117972600117 (); 2-s2.0-85169019405 (Scopus ID); 9798400701207 (ISBN)
Conference
GECCO 2023 Companion - Proceedings of the 2023 Genetic and Evolutionary Computation Conference Companion
Available from: 2023-09-06. Created: 2023-09-06. Last updated: 2024-03-13. Bibliographically approved
Strandberg, P. E., Söderman, D., Dehlaghi-Ghadim, A., Leon, M., Markovic, T., Punnekkat, S., . . . Buffoni, D. (2023). The Westermo network traffic data set. Data in Brief, 50, Article ID 109512.
2023 (English). In: Data in Brief, E-ISSN 2352-3409, Vol. 50, article id 109512. Article in journal (Refereed). Published
Abstract [en]

There is a growing body of knowledge on network intrusion detection, and several open data sets with network traffic and cyber-security threats have been released in the past decades. However, many data sets have aged, were not collected in a contemporary industrial communication system, or do not easily support research focusing on distributed anomaly detection. This paper presents the Westermo network traffic data set, 1.8 million network packets recorded in over 90 minutes in a network built up of twelve hardware devices. In addition to the raw data in PCAP format, the data set also contains pre-processed data in the form of network flows in CSV files. This data set can support the research community for topics such as intrusion detection, anomaly detection, misconfiguration detection, distributed or federated artificial intelligence, and attack classification. In particular, we aim to use the data set to continue work on resource-constrained distributed artificial intelligence in edge devices. The data set contains six types of events: harmless SSH, bad SSH, misconfigured IP address, duplicated IP address, port scan, and man in the middle attack. 

Place, publisher, year, edition, pages
Elsevier Inc., 2023
Keywords
Cyber-physical systems, Distributed artificial intelligence, Industrial communication system, Network intrusion detection
National Category
Computer Sciences
Identifiers
urn:nbn:se:mdh:diva-64333 (URN); 10.1016/j.dib.2023.109512 (DOI); 001072102800001 (); 2-s2.0-85170076058 (Scopus ID)
Available from: 2023-09-20. Created: 2023-09-20. Last updated: 2023-11-06. Bibliographically approved
Markovic, T., Dehlaghi-Ghadim, A., Leon, M., Balador, A. & Punnekkat, S. (2023). Time-series Anomaly Detection and Classification with Long Short-Term Memory Network on Industrial Manufacturing Systems.
2023 (English). Report (Other (popular science, discussion, etc.))
National Category
Engineering and Technology
Identifiers
urn:nbn:se:mdh:diva-62395 (URN)
Available from: 2023-05-05. Created: 2023-05-05. Last updated: 2023-11-06. Bibliographically approved
Markovic, T., Dehlaghi-Ghadim, A., Leon, M., Balador, A. & Punnekkat, S. (2023). Time-series Anomaly Detection and Classification with Long Short-Term Memory Network on Industrial Manufacturing Systems. In: Proc. Conf. Comput. Sci. Intell. Syst., FedCSIS. Paper presented at Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023 (pp. 171-181). Institute of Electrical and Electronics Engineers Inc.
2023 (English). In: Proc. Conf. Comput. Sci. Intell. Syst., FedCSIS, Institute of Electrical and Electronics Engineers Inc., 2023, p. 171-181. Conference paper, Published paper (Refereed)
Abstract [en]

Modern manufacturing systems collect a huge amount of data which gives an opportunity to apply various Machine Learning (ML) techniques. The focus of this paper is on the detection of anomalous behavior in industrial manufacturing systems by considering the temporal nature of the manufacturing process. Long Short-Term Memory (LSTM) networks are applied on a publicly available dataset called Modular Ice-cream factory Dataset on Anomalies in Sensors (MIDAS), which is created using a simulation of a modular manufacturing system for ice cream production. Two different problems are addressed: anomaly detection and anomaly classification. LSTM performance is analysed in terms of accuracy, execution time, and memory consumption and compared with non-time-series ML algorithms including Logistic Regression, Decision Tree, Random Forest, and Multi-Layer Perceptron. The experiments demonstrate the importance of considering the temporal nature of the manufacturing process in detecting anomalous behavior and the superiority in accuracy of LSTM over non-time-series ML algorithms. Additionally, runtime adaptation of the predictions produced by LSTM is proposed to enhance its applicability in a real system.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
anomaly classification, anomaly detection, deep learning, LSTM, machine learning, manufacturing systems, sensor data, Brain, Classification (of information), Decision trees, Information systems, Information use, Learning systems, Time series, Anomalous behavior, Industrial manufacturing, Machine-learning, Manufacturing process, Memory network, Sensors data, Times series, Long short-term memory
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-65150 (URN); 10.15439/2023F5263 (DOI); 2-s2.0-85179180258 (Scopus ID); 9788396744784 (ISBN)
Conference
Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023
Available from: 2023-12-21. Created: 2023-12-21. Last updated: 2023-12-21. Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0002-3425-3837
