Abstract
With the integration of the modern industrial control systems (ICS) with the Internet technology, ICS can make full use of the rich resources on the Internet to facilitate remote process control. However, every coin has two sides. More exposure to the outside IT world has made ICS an attractive target for hackers, so it becomes urgent to protect the security of ICS. Skilled attackers can penetrate control networks and then manipulate sensor readings or control signals persistently until the system crashes, while still keeping themselves undetected by following the expected behavior of the system closely. This kind of attacks are referred to as stealthy attacks. As far as we know, many existing intrusion detection techniques only investigate the magnitudes of behavior residuals, so they cannot detect this kind of stealthy attacks. In this paper, we discover that residuals generated during stealthy attacks exhibit significant skewness compared to attack-free residuals. Based on the new observation, we propose an effective and fast technique to detect stealthy attacks against ICS based on residual skewness analysis. Skewness coefficients can distinguish the counterfeited residuals from the attack-free residuals effectively. A larger absolute value of the skewness coefficient generally indicates the occurrence of a more intense stealthy attack. Finally, we conduct comprehensive experiments to verify the effectiveness and efficiency of the proposed stealthy attack detection approach.
Highlights
Nowadays, industrial control systems (ICS) [1] play a very important role in national critical infrastructures, such as smart grids [2,3,4], water treatment systems [5], chemical processing plants [6], oil and natural gas pipelines [7], or large-scale communication systems [8]
We propose an effective and much faster stealthy attack detection technique based on residual skewness analysis of system behaviors, which is more suitable for the real-time requirement of industrial control systems
There is a small number of large values in the right-hand tail of the distribution, which comes from the artificial random sequence rrand, and a large number of small values in the left hand, which comes from the original residual sequence ro for testing
Summary
Industrial control systems (ICS) [1] play a very important role in national critical infrastructures, such as smart grids [2,3,4], water treatment systems [5], chemical processing plants [6], oil and natural gas pipelines [7], or large-scale communication systems [8]. We propose an effective and much faster stealthy attack detection technique based on residual skewness analysis of system behaviors, which is more suitable for the real-time requirement of industrial control systems. Traditional IDS based on network traffic analysis [24] generally extract information such as source and destination IP addresses and ports, traffic durations, and average time intervals between adjacent packets, and apply data mining technologies to these collected information to identify abnormal system behaviors. In order to improve detection efficiency, some researchers utilized techniques like the ant colony algorithm [36] and the principal component analysis method [37] to remove redundant traffic features
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: EURASIP Journal on Wireless Communications and Networking
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
