Defense model to detect cyberattacks in critical infrastructures: Machine Learning And Cyber Threat Intelligence Approach
- Authors: Pinto Rojas, Yuri Andrea
- Resource type: Doctoral thesis
- Publication date: 2024
- Institution: Universidad de los Andes
- Repository: Séneca: repositorio Uniandes
- Language: eng
- OAI Identifier: oai:repositorio.uniandes.edu.co:1992/75272
- Online access: https://hdl.handle.net/1992/75272
- Keywords: Cybersecurity; Critical Infrastructures; Artificial Intelligence; Cyber Threat Intelligence; Engineering
- Rights: openAccess
- License: Attribution-NonCommercial-NoDerivatives 4.0 International
id |
UNIANDES2_f452908461636aecd4815ba98425f03b |
---|---|
oai_identifier_str |
oai:repositorio.uniandes.edu.co:1992/75272 |
network_acronym_str |
UNIANDES2 |
network_name_str |
Séneca: repositorio Uniandes |
dc.title.eng.fl_str_mv |
Defense model to detect cyberattacks in critical infrastructures: Machine Learning And Cyber Threat Intelligence Approach |
dc.creator.fl_str_mv |
Pinto Rojas, Yuri Andrea |
dc.contributor.advisor.none.fl_str_mv |
Donoso Meisel, Yezyd Enrique; Gutiérrez, Jairo A. |
dc.contributor.author.none.fl_str_mv |
Pinto Rojas, Yuri Andrea |
dc.contributor.jury.none.fl_str_mv |
Núñez Castro, Haydemar María; Safaei Pour, Morteza; Lozano Garzón, Carlos Andrés; Montoya Orozco, Germán Adolfo |
dc.contributor.researchgroup.none.fl_str_mv |
Facultad de Ingeniería::COMIT - Comunicaciones y Tecnología de Información |
dc.subject.keyword.eng.fl_str_mv |
Cybersecurity; Critical Infrastructures; Artificial Intelligence; Cyber Threat Intelligence |
dc.subject.themes.spa.fl_str_mv |
Engineering |
description |
Critical Infrastructures (CIs), including energy, water, and industrial control systems, are foundational to the functioning of modern society. However, the evolving sophistication of cyber threats poses significant risks to these essential services, with traditional security frameworks often falling short in addressing the complexities inherent to CIs. The increasing integration of Industrial Internet of Things (IIoT) devices and operational technologies further complicates the security landscape, creating a critical need for adaptive and holistic cybersecurity solutions that can protect against both network and physical disruptions. This doctoral thesis presents the Integrated Hybrid Cybersecurity Framework (IHCF)—a novel, adaptive approach designed to address these challenges. By integrating Adversarial Autoencoders (AAE) with Graph Convolutional Networks with Long Short-Term Memory (GCN-LSTM) and leveraging Cyber Threat Intelligence (CTI), the IHCF aims to bridge the gap between physical anomaly detection and network-based threat classification. The framework offers a comprehensive, context-aware defense mechanism capable of handling both known and emerging threats across physical and network domains in CI environments. The research follows an iterative Design Science Research Methodology (DSRM), starting with problem identification, moving through solution design, development, and rigorous evaluation, and concluding with effective communication of findings. Through an extensive systematic literature review, key limitations in existing cybersecurity frameworks were identified—primarily their inability to effectively integrate network traffic analysis with physical anomaly detection and contextual threat intelligence. The IHCF was developed to overcome these limitations, using a hybrid approach to integrate physical sensor data, network traffic data, and threat intelligence into a cohesive security framework. 
The IHCF was evaluated using the SWAT dataset—a scaled-down industrial testbed providing both physical sensor and network data, with attack scenarios targeting physical components and network communications. The evaluation results demonstrate that the IHCF successfully detected and classified all 26 attack scenarios aimed for detection, achieving robust performance across both network and physical domains. The Adversarial Autoencoder (AAE) successfully identified 24 out of 26 scenarios, while the GCN-LSTM component achieved an accuracy of 99.04% and a macro F1-score of 0.9151, reflecting strong classification capabilities across diverse classes. This hybrid approach ensures that all anomalies are detected, providing a comprehensive detection mechanism that captures both temporal and spatial anomalies. The inclusion of MITRE ATT&CK within the GCN-LSTM further enriched the framework's situational awareness, mapping detected threats to known adversary tactics, techniques, and procedures, and thereby providing valuable context to guide response actions. This feature empowers analysts with actionable insights, facilitating targeted and efficient incident responses that enhance the resilience of CI systems. While the IHCF demonstrated strong results, several limitations were identified, including reliance on a single dataset for evaluation and challenges related to generalizing the findings to other CI environments. Expanding the scope of datasets, enhancing adaptability, and ensuring scalability will be essential steps for future research to address these limitations. Overall, this thesis contributes significantly to the academic and practical domains of cybersecurity, presenting an adaptive, robust, and context-aware solution for protecting critical infrastructure systems. 
The IHCF provides a pathway to significantly improve the cybersecurity posture of CIs by integrating AI-driven anomaly detection with threat intelligence, and these findings will be disseminated through peer-reviewed publications and academic conference presentations to advance knowledge in the field. |
publishDate |
2024 |
dc.date.accessioned.none.fl_str_mv |
2024-12-12T19:12:57Z |
dc.date.available.none.fl_str_mv |
2024-12-12T19:12:57Z |
dc.date.issued.none.fl_str_mv |
2024-12-04 |
dc.type.none.fl_str_mv |
Degree work - Doctorate |
dc.type.driver.none.fl_str_mv |
info:eu-repo/semantics/doctoralThesis |
dc.type.version.none.fl_str_mv |
info:eu-repo/semantics/acceptedVersion |
dc.type.coar.none.fl_str_mv |
http://purl.org/coar/resource_type/c_db06 |
dc.type.content.none.fl_str_mv |
Text |
dc.type.redcol.none.fl_str_mv |
https://purl.org/redcol/resource_type/TD |
format |
http://purl.org/coar/resource_type/c_db06 |
status_str |
acceptedVersion |
dc.identifier.uri.none.fl_str_mv |
https://hdl.handle.net/1992/75272 |
dc.identifier.instname.none.fl_str_mv |
instname:Universidad de los Andes |
dc.identifier.reponame.none.fl_str_mv |
reponame:Repositorio Institucional Séneca |
dc.identifier.repourl.none.fl_str_mv |
repourl:https://repositorio.uniandes.edu.co/ |
dc.language.iso.none.fl_str_mv |
eng |
dc.rights.en.fl_str_mv |
Attribution-NonCommercial-NoDerivatives 4.0 International |
dc.rights.uri.none.fl_str_mv |
http://creativecommons.org/licenses/by-nc-nd/4.0/ |
dc.rights.accessrights.none.fl_str_mv |
info:eu-repo/semantics/openAccess |
dc.rights.coar.none.fl_str_mv |
http://purl.org/coar/access_right/c_abf2 |
eu_rights_str_mv |
openAccess |
dc.format.extent.none.fl_str_mv |
159 pages |
dc.format.mimetype.none.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
Universidad de los Andes |
dc.publisher.program.none.fl_str_mv |
Doctorado en Ingeniería |
dc.publisher.faculty.none.fl_str_mv |
Facultad de Ingeniería |
dc.publisher.department.none.fl_str_mv |
Departamento de Ingeniería Sistemas y Computación |
publisher.none.fl_str_mv |
Universidad de los Andes |
institution |
Universidad de los Andes |
bitstream.url.fl_str_mv |
https://repositorio.uniandes.edu.co/bitstreams/54b617d5-d636-4e04-b93a-9ff60689dfe6/download https://repositorio.uniandes.edu.co/bitstreams/b14321b0-6510-4c1f-bd1a-a49d589fd14e/download https://repositorio.uniandes.edu.co/bitstreams/041164cc-f15b-4d9c-a6d7-f09fda7b3a4d/download https://repositorio.uniandes.edu.co/bitstreams/5d3aa346-536b-4642-ab89-aa13db05b982/download https://repositorio.uniandes.edu.co/bitstreams/ee185198-0192-4104-9a32-22946cd18923/download https://repositorio.uniandes.edu.co/bitstreams/88c7b027-25b3-43ff-a3ad-cb48a552a103/download https://repositorio.uniandes.edu.co/bitstreams/8dc2a438-cf6a-4829-b4a2-269ff7556339/download https://repositorio.uniandes.edu.co/bitstreams/5d7d60e9-5799-44fa-8680-32342ca6e670/download |
repository.name.fl_str_mv |
Repositorio institucional Séneca |
repository.mail.fl_str_mv |
adminrepositorio@uniandes.edu.co |
spelling |
Donoso Meisel, Yezyd Enrique; Gutiérrez, Jairo A.; Pinto Rojas, Yuri Andrea; Núñez Castro, Haydemar María; Safaei Pour, Morteza; Lozano Garzón, Carlos Andrés; Montoya Orozco, Germán Adolfo
Facultad de Ingeniería::COMIT - Comunicaciones y Tecnología de Información
2024-12-12T19:12:57Z; 2024-12-04
https://hdl.handle.net/1992/75272
instname:Universidad de los Andes; reponame:Repositorio Institucional Séneca; repourl:https://repositorio.uniandes.edu.co/
Critical Infrastructures (CIs), including energy, water, and industrial control systems, are foundational to the functioning of modern society. However, the evolving sophistication of cyber threats poses significant risks to these essential services, with traditional security frameworks often falling short in addressing the complexities inherent to CIs. The increasing integration of Industrial Internet of Things (IIoT) devices and operational technologies further complicates the security landscape, creating a critical need for adaptive and holistic cybersecurity solutions that can protect against both network and physical disruptions. This doctoral thesis presents the Integrated Hybrid Cybersecurity Framework (IHCF)—a novel, adaptive approach designed to address these challenges. By integrating Adversarial Autoencoders (AAE) with Graph Convolutional Networks with Long Short-Term Memory (GCN-LSTM) and leveraging Cyber Threat Intelligence (CTI), the IHCF aims to bridge the gap between physical anomaly detection and network-based threat classification. The framework offers a comprehensive, context-aware defense mechanism capable of handling both known and emerging threats across physical and network domains in CI environments.
The research follows an iterative Design Science Research Methodology (DSRM), starting with problem identification, moving through solution design, development, and rigorous evaluation, and concluding with effective communication of findings. Through an extensive systematic literature review, key limitations in existing cybersecurity frameworks were identified—primarily their inability to effectively integrate network traffic analysis with physical anomaly detection and contextual threat intelligence. The IHCF was developed to overcome these limitations, using a hybrid approach to integrate physical sensor data, network traffic data, and threat intelligence into a cohesive security framework.
The IHCF was evaluated using the SWAT dataset—a scaled-down industrial testbed providing both physical sensor and network data, with attack scenarios targeting physical components and network communications. The evaluation results demonstrate that the IHCF successfully detected and classified all 26 attack scenarios aimed for detection, achieving robust performance across both network and physical domains. The Adversarial Autoencoder (AAE) successfully identified 24 out of 26 scenarios, while the GCN-LSTM component achieved an accuracy of 99.04% and a macro F1-score of 0.9151, reflecting strong classification capabilities across diverse classes. This hybrid approach ensures that all anomalies are detected, providing a comprehensive detection mechanism that captures both temporal and spatial anomalies. The inclusion of MITRE ATT&CK within the GCN-LSTM further enriched the framework's situational awareness, mapping detected threats to known adversary tactics, techniques, and procedures, and thereby providing valuable context to guide response actions. This feature empowers analysts with actionable insights, facilitating targeted and efficient incident responses that enhance the resilience of CI systems.
While the IHCF demonstrated strong results, several limitations were identified, including reliance on a single dataset for evaluation and challenges related to generalizing the findings to other CI environments. Expanding the scope of datasets, enhancing adaptability, and ensuring scalability will be essential steps for future research to address these limitations. Overall, this thesis contributes significantly to the academic and practical domains of cybersecurity, presenting an adaptive, robust, and context-aware solution for protecting critical infrastructure systems. The IHCF provides a pathway to significantly improve the cybersecurity posture of CIs by integrating AI-driven anomaly detection with threat intelligence, and these findings will be disseminated through peer-reviewed publications and academic conference presentations to advance knowledge in the field.
Doctorate; 159 pages; application/pdf; eng; Universidad de los Andes; Doctorado en Ingeniería; Facultad de Ingeniería; Departamento de Ingeniería Sistemas y Computación
Attribution-NonCommercial-NoDerivatives 4.0 International; http://creativecommons.org/licenses/by-nc-nd/4.0/; info:eu-repo/semantics/openAccess; http://purl.org/coar/access_right/c_abf2
Defense model to detect cyberattacks in critical infrastructures: Machine Learning And Cyber Threat Intelligence Approach
Degree work - Doctorate; info:eu-repo/semantics/doctoralThesis; info:eu-repo/semantics/acceptedVersion; http://purl.org/coar/resource_type/c_db06; Text; https://purl.org/redcol/resource_type/TD
Cybersecurity; Critical Infrastructures; Artificial Intelligence; Cyber Threat Intelligence; Engineering |