Abstract
Abstract This article presents three-tiered intrusion detection systems, which uses a supervised approach to detect cyber-attacks in industrial control systems networks. The proposed approach does not only aim to identify malicious packets on the network but also attempts to identify the general and finer grain attack type occurring on the network. This is key in the industrial control systems environment as the ability to identify exact attack types will lead to an increased response rate to the incident and the defence of the infrastructure. More specifically, the proposed system consists of three stages that aim to classify: (i) whether packets are malicious; (ii) the general attack type of malicious packets (e.g. Denial of Service); and (iii) finer-grained cyber-attacks (e.g. bad cyclic redundancy check, attack). The effectiveness of the proposed intrusion detection systems is evaluated on network data collected from a real industrial gas pipeline system. In addition, an insight is provided as to which features are most relevant in detecting such malicious behaviour. The performance of the system results in an F-measure of: (i) 87.4%, (ii) 74.5% and (iii) 41.2%, for each of the layers, respectively. This demonstrates that the proposed architecture can successfully distinguish whether network activity is malicious and detect which general attack was deployed.
Highlights
Critical national infrastructure concepts such as manufacturing, smart grids, water treatment plants, gas and oil refineries, and healthcare are heavily dependent on industrial control systems (ICSs)
We can see that significant work has been undertaken to identify malicious and benign traffic, only two previous papers have attempted to drill into the attack traffic in more detail to categorize them as general types, and none to date have identified specific attacks
Detecting cyber-attacks When detecting malicious behaviour, the Random Forest achieved the best classification performance with an F-measure of 87.4%
Summary
Critical national infrastructure concepts such as manufacturing, smart grids, water treatment plants, gas and oil refineries, and healthcare are heavily dependent on industrial control systems (ICSs). Such systems include supervisory control and data acquisition (SCADA) systems, which are computer systems responsible for gathering and analysing real-time data, distributed control systems which is a specially designed automated control system that consists of geographically distributed control elements, and other smaller control systems such as programmable logic controllers which are industrial solidstate computers that monitor inputs and outputs and make logicbased decisions for automated processes or machines [1]. Such attacks included the Stuxnet attack [4] which targeted the Iranian nuclear enrichment plant and led to physical damages and delayed operations, the Ohio Nuclear Power Plant attack [5] which crashed the safety parameter display system, and the Ukrainian Power grid attack [6] which left approximately 225,000 people without electricity
Published Version (Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.