Security and Communication Networks
Volume 2017 (2017), Article ID 9150965, 17 pages
https://doi.org/10.1155/2017/9150965
Review Article

Towards Large-Scale, Heterogeneous Anomaly Detection Systems in Industrial Networks: A Survey of Current Trends

Department of Electronics and Computing, Mondragon Unibertsitatea, Goiru 2, 20500 Arrasate-Mondragón, Spain

Correspondence should be addressed to Mikel Iturbe

Received 13 September 2017; Accepted 5 November 2017; Published 22 November 2017

Academic Editor: Javier Lopez

Copyright © 2017 Mikel Iturbe et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
