A Review of Intrusion Detection Systems for Industrial Control Systems

Author(s):  
Mohamad Kaouk ◽  
Jean-Marie Flaus ◽  
Marie-Laure Potet ◽  
Roland Groz
2018 ◽  
Vol 14 (8) ◽  
pp. 155014771879461 ◽  
Author(s):  
Yan Hu ◽  
An Yang ◽  
Hong Li ◽  
Yuyan Sun ◽  
Limin Sun

The modern industrial control systems now exhibit an increasing connectivity to the corporate Internet technology networks so as to make full use of the rich resource on the Internet. The increasing interaction between industrial control systems and the outside Internet world, however, has made them an attractive target for a variety of cyber attacks, raising a great need to secure industrial control systems. Intrusion detection technology is one of the most important security precautions for industrial control systems. It can effectively detect potential attacks against industrial control systems. In this survey, we elaborate on the characteristics and the new security requirements of industrial control systems. After that, we present a new taxonomy of intrusion detection systems for industrial control systems based on different techniques: protocol analysis based, traffic mining based, and control process analysis based. In addition, we analyze the advantages and disadvantages of different categories of intrusion detection systems and discuss some future developments of intrusion detection systems for industrial control systems, in order to promote further research on intrusion detection technology for industrial control systems.


2021 ◽  
Vol 7 (1) ◽  
Author(s):  
Eirini Anthi ◽  
Lowri Williams ◽  
Pete Burnap ◽  
Kevin Jones

This article presents a three-tiered intrusion detection system, which uses a supervised approach to detect cyber-attacks in industrial control systems networks. The proposed approach does not only aim to identify malicious packets on the network but also attempts to identify the general and finer grain attack type occurring on the network. This is key in the industrial control systems environment as the ability to identify exact attack types will lead to an increased response rate to the incident and the defence of the infrastructure. More specifically, the proposed system consists of three stages that aim to classify: (i) whether packets are malicious; (ii) the general attack type of malicious packets (e.g. Denial of Service); and (iii) finer-grained cyber-attacks (e.g. bad cyclic redundancy check, attack). The effectiveness of the proposed intrusion detection system is evaluated on network data collected from a real industrial gas pipeline system. In addition, an insight is provided as to which features are most relevant in detecting such malicious behaviour. The performance of the system results in an F-measure of: (i) 87.4%, (ii) 74.5% and (iii) 41.2%, for each of the layers, respectively. This demonstrates that the proposed architecture can successfully distinguish whether network activity is malicious and detect which general attack was deployed.


2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Chao Wang ◽  
Bailing Wang ◽  
Yunxiao Sun ◽  
Yuliang Wei ◽  
Kai Wang ◽  
...  

The security of industrial control systems (ICSs) has received a lot of attention in recent years. ICSs were once closed networks. But with the development of IT technologies, ICSs have become connected to the Internet, increasing the potential of cyberattacks. Because ICSs are so tightly linked to human lives, any harm to them could have disastrous implications. As a technique of providing protection, many intrusion detection system (IDS) studies have been conducted. However, because of the complicated network environment and rising means of attack, it is difficult to cover all attack classes, and most of the existing classification techniques are hard to deploy in a real environment since they cannot deal with the open set problem. We propose a novel artificial neural network-based methodology to solve this problem. Our suggested method can classify known classes while also detecting unknown classes. We conduct research from two points of view. On the one hand, we use the openmax layer instead of the traditional softmax layer. Openmax overcomes the limitations of softmax, allowing neural networks to detect unknown attack classes. During training, on the other hand, a new loss function termed center loss is implemented to improve detection ability. The neural network model learns better feature representations with the combined supervision of center loss and softmax loss. We evaluate the neural network on NF-BoT-IoT-v2 and Gas Pipeline datasets. The experiments show our proposed method is comparable with the state-of-the-art algorithm in terms of detecting unknown classes. But our method has a better overall classification performance.


2017 ◽  
Vol 13 (2/3) ◽  
pp. 206 ◽  
Author(s):  
Estefanía Etchevés Miciolino ◽  
Dario Di Noto ◽  
Federico Griscioli ◽  
Maurizio Pizzonia ◽  
Jörg Kippe ◽  
...  

2019 ◽  
Vol 2019 ◽  
pp. 1-11 ◽  
Author(s):  
Ankang Chu ◽  
Yingxu Lai ◽  
Jing Liu

Intrusion detection is essential for ensuring the security of industrial control systems. However, conventional intrusion detection approaches are unable to cope with the complexity and ever-changing nature of industrial intrusion attacks. In this study, we propose an industrial control intrusion detection approach based on a combined deep learning model for communication processes that use the Modbus protocol. Initially, the network packets are classified as carrying information and noncarrying information based on key fields according to the communication protocol used. Next, a template comparison approach is employed to detect the network packets that do not carry any information. Furthermore, an approach based on a GoogLeNet-long short-term memory model is used to detect the network packets that do carry information. This approach involves network packet sequence construction, feature extraction, and time-series level detection. Subsequently, the detected intrusions are classified into multiple categories through a Softmax classifier. A gas pipeline dataset of the Modbus protocol is used to evaluate the proposed approach and compare it with existing strategies. The accuracy, false-positive rate, and miss rate are 97.56%, 2.42%, and 2.51%, respectively, thus confirming that the proposed approach is suitable for intrusion detection in industrial control systems.


2021 ◽  
Vol 1 (1) ◽  
pp. 61-74
Author(s):  
Sohrab Mokhtari ◽  
◽  
Kang K Yen

Anomaly detection strategies in industrial control systems mainly investigate the transmitting network traffic called network intrusion detection system. However, the measurement intrusion detection system inspects the sensors data integrated into the supervisory control and data acquisition center to find any abnormal behavior. An approach to detect anomalies in the measurement data is training supervised learning models that can learn to classify normal and abnormal data. But, a labeled dataset consisting of abnormal behavior, such as attacks, or malfunctions is extremely hard to achieve. Therefore, the unsupervised learning strategy that does not require labeled data for being trained can be helpful to tackle this problem. This study evaluates the performance of unsupervised learning strategies in anomaly detection using measurement data in control systems. The most accurate algorithms are selected to train unsupervised learning models, and the results show an accuracy of 98% in stealthy attack detection.

