% 
% This file was created by the TYPO3 extension
% bib
% --- Timezone: CEST
% Creation date: 2024-05-19
% Creation time: 17-29-17
% --- Number of references
% 1
% 

@Inproceedings { 2023_wolsing_ensemble,
   title = {One IDS is not Enough! Exploring Ensemble Learning for Industrial Intrusion Detection},
   year = {2023},
   month = {9},
   day = {25},
   volume = {14345},
   pages = {102-122},
   abstract = {Industrial Intrusion Detection Systems (IIDSs) play a critical role in safeguarding Industrial Control Systems (ICSs) against targeted cyberattacks. Unsupervised anomaly detectors, capable of learning the expected behavior of physical processes, have proven effective in detecting even novel cyberattacks. While offering decent attack detection, these systems, however, still suffer from too many False-Positive Alarms (FPAs) that operators need to investigate, eventually leading to alarm fatigue. To address this issue, in this paper, we challenge the notion of relying on a single IIDS and explore the benefits of combining multiple IIDSs. To this end, we examine the concept of ensemble learning, where a collection of classifiers (IIDSs in our case) are combined to optimize attack detection and reduce FPAs. While training ensembles for supervised classifiers is relatively straightforward, retaining the unsupervised nature of IIDSs proves challenging. In that regard, novel time-aware ensemble methods that incorporate temporal correlations between alerts and transfer-learning to best utilize the scarce training data constitute viable solutions. By combining diverse IIDSs, the detection performance can be improved beyond the individual approaches with close to no FPAs, resulting in a promising path for strengthening ICS cybersecurity.},
   note = {Lecture Notes in Computer Science (LNCS), Volume 14345},
   keywords = {Intrusion Detection; Ensemble Learning; ICS},
   tags = {internet-of-production, rfc},
   url = {https://jpennekamp.de/wp-content/papercite-data/pdf/wkw+23.pdf},
   publisher = {Springer},
   booktitle = {Proceedings of the 28th European Symposium on Research in Computer Security (ESORICS '23),  September 25-29, 2023, The Hague, The Netherlands},
   event_place = {The Hague, The Netherlands},
   event_name = {28th European Symposium on Research in Computer Security (ESORICS '23)},
   event_date = {September 25-29, 2023},
   ISBN = {978-3-031-51475-3},
   ISSN = {0302-9743},
   DOI = {10.1007/978-3-031-51476-0_6},
   reviewed = {1},
   author = {Wolsing, Konrad and Kus, Dominik and Wagner, Eric and Pennekamp, Jan and Wehrle, Klaus and Henze, Martin}
}