Abstract
Function control, which is an essential link in industrial automation, is undergoing a growing integration with ICTs (Information Communication Technologies) because of the flexible manufacturing and convenient interoperability in CPSs (Cyber-Physical Systems). However, it has also brought the increasing dangers of cyberattacks caused by malicious or intentional industrial process control exploitations. In order to effectively detect these cyber intrusions and anomalies, this paper proposes a function-aware anomaly detection approach based on WNN (Wavelet Neural Network), which perceives the abnormal function control changes in industrial control communication. By appropriately extracting the time-related function control characteristics from industrial communication packets, this approach builds an optimized wavelet neural network to model the normal function control behaviors and calculates the detection threshold to differentiate the aberrant industrial process control activities. Additionally, a real-world control system, whose communication protocol is Modbus/TCP, is simulated to furnish the analyzed function control data. According to the experimental results, we fully demonstrate this approach has the fine detection accuracy and adequate real-time capability.
Highlights
Nowadays, almost all CPSs (Cyber-Physical Systems) in critical infrastructures concerning the national economy and the people’s livelihood have developed industrial control systems to realize significant automation of industrial processes [1, 2]
Information communication technologies have a positive influence on strengthening traditional industrial control systems [5]
According to the ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) statistics [7], the ICS-CERT incident response team generalized and analyzed 290 industrial security incidents in 2016, and more and more sophisticated attacks against industrial control systems are developed by the adversaries
Summary
Almost all CPSs (Cyber-Physical Systems) in critical infrastructures (such as electrical and petrochemical systems, sewage systems, and transportation systems) concerning the national economy and the people’s livelihood have developed industrial control systems to realize significant automation of industrial processes [1, 2]. We propose a function-aware anomaly detection approach based on WNN (Wavelet Neural Network) to identify industrial communication intrusions or anomalies. These intrusions or anomalies may cause the function control changes in industrial control communication. Our approach extracts the time-related features from the communication packets to describe the function control characteristics and build an optimal behavior model based on WNN by using the normal function control samples. The major contributions and advantages of this paper involve three aspects: Firstly, we propose a novel time-related feature calculation and construction algorithm to adequately describe the function control characteristics, and this algorithm can slickly extract function control behaviors from industrial control communication activities. We design an original function control feature calculation and construction algorithm to overcome this difficulty
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have