Abstract

Recently, devices in real-time systems, such as residential facilities, vehicles, factories, and social infrastructure, have been increasingly connected to communication networks. Although these devices provide administrative convenience and enable the development of more sophisticated control systems, critical cybersecurity concerns and challenges remain. In this paper, we propose a hybrid anomaly detection method that combines statistical filtering and a composite autoencoder to effectively detect anomalous behaviors possibly caused by malicious activity in order to mitigate the risk of cyberattacks. We used the SWaT dataset, which was collected from a real water treatment system, to conduct a case study of cyberattacks on industrial control systems to validate the performance of the proposed approach. We then evaluated the performance of the proposed hybrid detection method on a dataset with two time window settings for the composite autoencoder. According to the experimental results, the proposed method improved the precision, recall, and F1-score by up to 0.008, 0.067, and 0.039, respectively, compared to an autoencoder-only approach. Moreover, we evaluated the computational cost of the proposed method in terms of execution time. The execution time of the proposed method was reduced by up to 8.03% compared to that of an autoencoder-only approach. Through the experimental results, we show that the proposed method detected more anomalies than an autoencoder-only detection approach and it also operated significantly faster.

Highlights

  • A wide variety of devices have been connected to communication networks in real-time control systems, such as residential facilities, vehicles, factories, and social infrastructure

  • For the signature-based detection, we used the standard deviations computed from normal data as the classification criteria. We evaluate the detection performance of the proposed method and present experimental results demonstrating that it outperformed the existing autoencoder-only method on the secure water treatment (SWaT) dataset

  • We proposed a hybrid anomaly detection method combining signature-based and behavior-based methods for a real-time control system using statistical filtering and a composite autoencoder (CAE), respectively
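
The two-stage idea in the highlights can be sketched as follows. This is an added example, not the paper's code: the multiplier `k`, the any-sensor-out-of-bounds rule, the short-circuit before stage two, the sample readings, and the `relation_residual` stand-in for the CAE reconstruction error are all assumptions made for illustration.

```python
import statistics

def fit_sigma_filter(normal_rows, k=3.0):
    """Learn per-sensor bounds mean +/- k*std from attack-free readings (k is assumed)."""
    bounds = []
    for column in zip(*normal_rows):
        mu = statistics.fmean(column)
        sd = statistics.pstdev(column)
        bounds.append((mu - k * sd, mu + k * sd))
    return bounds

def out_of_bounds(row, bounds):
    """Indices of sensors whose reading falls outside the learned bounds."""
    return [i for i, (x, (lo, hi)) in enumerate(zip(row, bounds)) if not lo <= x <= hi]

def hybrid_detect(rows, bounds, second_stage, threshold):
    """Stage 1: statistical filter. Stage 2 runs only on rows the filter passes.
    Returns (labels, number of rows forwarded to the second stage)."""
    labels, forwarded = [], 0
    for row in rows:
        if out_of_bounds(row, bounds):
            labels.append("anomaly:filter")   # flagged cheaply, model never runs
            continue
        forwarded += 1
        score = second_stage(row)
        labels.append("anomaly:model" if score > threshold else "normal")
    return labels, forwarded

def relation_residual(row):
    """Hypothetical stand-in for an autoencoder's reconstruction error: in the
    constructed data below, sensor 1 normally reads about twice sensor 0."""
    return abs(row[1] - 2.0 * row[0])

# Constructed attack-free readings for two sensors (not SWaT data).
NORMAL = [(1.0, 2.0), (1.2, 2.4), (0.8, 1.6), (1.1, 2.2), (0.9, 1.8)]
# Constructed stream: normal, out-of-range value, in-range but inconsistent, normal.
STREAM = [(1.0, 2.0), (5.0, 2.0), (1.3, 1.7), (0.9, 1.85)]

BOUNDS = fit_sigma_filter(NORMAL)

if __name__ == "__main__":
    labels, forwarded = hybrid_detect(STREAM, BOUNDS, relation_residual, threshold=0.3)
    for row, label in zip(STREAM, labels):
        print(row, label)
    print("rows scored by second stage:", forwarded, "of", len(STREAM))
```

The third row shows why the filter alone is not enough: each value is inside its own bounds, and only the behavior-based stage notices that the two sensors no longer agree.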

Summary

Introduction

A wide variety of devices have been connected to communication networks in real-time control systems, such as residential facilities, vehicles, factories, and social infrastructure. These devices or systems were physically controlled in the past, but administrators can manage and control them efficiently and remotely because of this increased network connectivity. ICSs are used to control industrial processes, such as manufacturing, product handling, production, and distribution. The majority of these systems monitor complex industrial processes and critical infrastructure that deliver power, water, transportation, manufacturing, and other essential services. Owing to this fundamental importance, ICSs are considered major targets for cybercriminals. Many attacks have been conducted targeting supervisory control and data acquisition (SCADA)
