A Machine Learning Approach for Anomaly Detection in Industrial Control Systems Based on Measurement Data

Electronics ◽ 2021 ◽ Vol 10 (4) ◽ pp. 407
Author(s): Sohrab Mokhtari ◽ Alireza Abbaspour ◽ Kang K. Yen ◽ Arman Sargolzaei

Attack detection problems in industrial control systems (ICSs) are commonly known as a network traffic monitoring scheme for detecting abnormal activities. However, a network-based intrusion detection system can be deceived by attackers that imitate the system’s normal activity. In this work, we proposed a novel solution to this problem based on measurement data in the supervisory control and data acquisition (SCADA) system. The proposed approach is called measurement intrusion detection system (MIDS), which enables the system to detect any abnormal activity in the system even if the attacker tries to conceal it in the system’s control layer. A supervised machine learning model is generated to classify normal and abnormal activities in an ICS to evaluate the MIDS performance. A hardware-in-the-loop (HIL) testbed is developed to simulate the power generation units and exploit the attack dataset. In the proposed approach, we applied several machine learning models on the dataset, which show remarkable performances in detecting the dataset’s anomalies, especially stealthy attacks. The results show that the random forest is performing better than other classifier algorithms in detecting anomalies based on measured data in the testbed.

2021 ◽ Vol 1 (1) ◽ pp. 61-74
Author(s): Sohrab Mokhtari ◽ Kang K Yen

Anomaly detection strategies in industrial control systems mainly investigate the transmitting network traffic called network intrusion detection system. However, the measurement intrusion detection system inspects the sensors data integrated into the supervisory control and data acquisition center to find any abnormal behavior. An approach to detect anomalies in the measurement data is training supervised learning models that can learn to classify normal and abnormal data. But a labeled dataset consisting of abnormal behavior, such as attacks or malfunctions, is extremely hard to achieve. Therefore, the unsupervised learning strategy that does not require labeled data for being trained can be helpful to tackle this problem. This study evaluates the performance of unsupervised learning strategies in anomaly detection using measurement data in control systems. The most accurate algorithms are selected to train unsupervised learning models, and the results show an accuracy of 98% in stealthy attack detection.


2014 ◽ Vol 4 (2) ◽ pp. 1-22
Author(s): Tiago Cruz ◽ Jorge Proença ◽ Paulo Simões ◽ Matthieu Aubigny ◽ Moussa Ouedraogo ◽ ...

Cyber-threats are one of the most significant problems faced by modern Industrial Control Systems (ICS), such as SCADA (Supervisory Control and Data Acquisition) systems, as the vulnerabilities of ICS technology become serious threats that can ultimately compromise human lives. This situation demands a domain-specific approach to cyber threat detection within ICS, which is one of the most important contributions of the CockpitCI FP7 project (http://CockpitCI.eu). Specifically, this paper will present the CockpitCI distributed Intrusion Detection System (IDS) for ICS, which provides its core cyber-detection and analysis capabilities, also including a description of its components, in terms of role, operation, integration, and remote management. Moreover, it will also introduce and describe new domain-specific solutions for ICS security such as the SCADA Honeypot and the Shadow Security Unit, which are part of the CockpitCI IDS framework.


2021
Author(s): Abbasgholi Pashaei ◽ Mohammad Esmaeil Esmaeil Akbari ◽ Mina Zolfy Lighvan ◽ Asghar Charmin

The emergence of industrial Cyberinfrastructures, the development of information communication technology in industrial fields, and the remote accessibility of automated Industrial Control Systems (ICS) lead to various cyberattacks on industrial networks and Supervisory Control and Data Acquisition (SCADA) networks. The development of ICS industry-specific cybersecurity mechanisms can reduce the vulnerability of systems to fire, explosion, human accidents, environmental damage, and financial loss. Given that vulnerabilities are the points of penetration into industrial systems, and using these weaknesses, threats are organized, and intrusion into industrial systems occurs. Thus, it is essential to continuously improve the security of the networks of industrial control facilities. Traditional intrusion detection systems have been shown to be sluggish and prone to false positives. As a result, these algorithms' performance and speed must be improved. This paper proposes a novel Honeypot enhanced industrial Early Intrusion Detection System (EIDS) incorporated with Machine Learning (ML) algorithms. The proposed scheme collects data from all sensors of Honeypot and industrial devices from the industrial control network, stores it in the database of EIDS, and analyses it using expert ML algorithms. The designed system for early intrusion detection can protect industrial systems against vulnerabilities by alerting in the shortest possible time using online data mining in the EIDS database. The results show that the proposed EIDS detects anomalous behavior of the data with a high detection rate, low false positives, and better classification accuracy.

