Stacked Deep Learning: Deeper Defense against Cyberattacks

Published 28 November 2021

Internet-based industrial control systems are widely used to monitor and operate factories and critical infrastructure. Moving these systems online has made them cheaper and easier to access, but it has also made them more vulnerable to attack. Stacked deep learning offers a better way to detect hacking into industrial control systems. 

To address the growing threat of cyberattacks on industrial control systems, a team of researchers at the Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division, King Abdullah University of Science and Technology (KAUST), has developed an improved method for detecting malicious intrusions.

Conventional security solutions such as firewalls and antivirus software are not appropriate for protecting industrial control systems because these systems have distinct specifications. The sheer complexity of industrial control systems also makes it hard for even the best algorithms to pick out abnormal occurrences that might signal an intrusion.

For instance, system behavior that looks suspicious, such as a freak power surge or the serial failure of circuit breakers, may have natural causes. To add to this, sophisticated cyber attackers may be very good at disguising their movements.

Where algorithms have failed in the past, a branch of machine learning, called deep learning, has proven much more adept at recognizing complex patterns of the kind described above.

Deep learning runs on circuits called neural networks and is trained rather than programmed. Instead of writing coded instructions, its creators show the deep learning model different examples to learn from, allowing it to improve in accuracy with every step.

Ying Sun’s team trained and tested five different deep learning models with data supplied by Mississippi State University’s Critical Infrastructure Protection Center. These were publicly available simulations of different kinds of attack, such as packet injection and distributed denial of service (DDoS), on power systems and gas pipelines.

The deep learning models’ ability to detect intrusions was compared to state-of-the-art algorithms. While the best algorithms were typically between 80 and 90 percent accurate, each deep learning model scored between 97 and 99 percent.

The team’s stacked deep learning method promises an effective defense in cyberwarfare, which national governments today identify as a major security threat. Cyberattacks such as that on Ukraine’s electricity grid in 2015, which led to outages in thousands of homes, may be prevented.