Abstract
Today, the use of Ethernet-based protocols in industrial control systems (ICS) communications has led to the emergence of attacks based on information technology (IT) on supervisory control and data acquisition systems. In addition, the familiarity of Ethernet and TCP/IP protocols and the diversity and success of attacks on them raise security risks and cyber threats for ICS. This issue is compounded by the absence of encryption, authorization, and authentication mechanisms due to the development of industrial communications protocols only for performance purposes. Recent zero-day attacks, such as Triton, Stuxnet, Havex, Dragonfly, and Blackenergy, as well as the Ukraine cyber-attack, are possible because of the vulnerabilities of the systems; these attacks are carried by the protocols used in communication between PLC and I/O units or HMI and engineering stations. It is evident that there is a need for robust solutions that detect and prevent protocol-based cyber threats. In this paper, machine learning methods are evaluated for anomaly detection, particularly for EtherCAT-based ICS. To the best of the author's knowledge, there has been no research focusing on machine learning algorithms for anomaly detection of EtherCAT. Before testing anomaly detection, an EtherCAT-based water level control system testbed was developed. Then, a total of 16 events were generated in four categories and applied on the testbed. The dataset created was used for anomaly detection. The results showed that the k-nearest neighbors (k-NN) and support vector machine with genetic algorithm (SVM GA) models perform best among the 18 techniques applied. In addition to detecting anomalies, the methods are able to flag the attack types better than other techniques and are applicable in EtherCAT networks. Also, the dataset and events can be used for further studies since it is difficult to obtain data for ICS due to its critical infrastructure and continuous real-time operation.
Highlights
To ensure sustainability and maintain security, critical infrastructure networks need to be operated and monitored continuously
The critical infrastructure assets that provide this structure are called industrial control systems (ICS), and control of ICS is provided by supervisory control and data acquisition (SCADA) systems
This became a modern structure known as the Purdue model, where the computer-integrated manufacturing reference model levels were divided into zones and security parameters were added [1], [2]
Summary
To ensure sustainability and maintain security, critical infrastructure networks need to be operated and monitored continuously. Later, this became a modern structure known as the Purdue model, where the computer-integrated manufacturing reference model levels were divided into zones and security parameters were added [1], [2]. The EtherCAT protocol, which is widely used in ICS applications, supports all of the management, cell, field and sensor/actuator levels in computer-integrated manufacturing and meets all communication needs of level 0 to 5 in the Purdue reference model. Because the protocol is Ethernet-based, EtherCAT-based ICS have opened up to the outside world through integration with TCP/IP and the many services offered in IT, such as web, FTP and mail. This integration has made the systems vulnerable to attacks over Ethernet. This study contributes to EtherCAT-based ICS environments from a security perspective.