Abstract

Critical infrastructures, e.g., electricity generation and distribution networks, chemical processing plants, and gas distribution, are governed and monitored by supervisory control and data acquisition (SCADA) systems. Intrusion detection has been an active area of study for many years, and several intrusion detection systems have been proposed in the literature for cyber-physical systems and industrial control systems (ICS). In recent years, the Stuxnet, Duqu, and Flame viruses targeting ICS have caused tremendous damage to nuclear facilities and critical infrastructure in some countries. These intensified attacks have sounded the alarm for ICS security in many countries. A challenge in constructing an intrusion detection framework is dealing with unbalanced intrusion datasets, i.e., datasets in which one class (the minority class) is represented by far fewer instances. To this end, we outline an approach to this issue and propose an anomaly detection method for ICS. Our approach uses a hybrid model that takes advantage of the predictable and consistent nature of the communication patterns among field devices in ICS setups. First, we apply preprocessing techniques to standardize and scale the data. Second, dimensionality reduction algorithms are applied to improve the anomaly detection process. Third, we employ the edited nearest-neighbor rule to balance the dataset. Fourth, using a Bloom filter, a signature database is created by observing the system for a period in which no abnormalities occur. Finally, to detect new attacks, we combine our packet-contents-level detection with an instance-based learner to form a hybrid anomaly detection method. Experimental results on a real large-scale dataset generated from a gas pipeline SCADA system show that the proposed approach, HML-IDS, outperforms the benchmark models with an accuracy rate of 97%.
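As an added illustration of the fourth step (the Bloom-filter signature database) and the packet-contents-level detection it feeds, the following Python is example code written for this page, not code from the paper or from the HML-IDS implementation. It assumes hypothetical packet fields (src, dst, func, addr, count) and constructed polling traffic; the filter is populated from a window observed while the system is known to be free of abnormalities, and any later packet whose content signature is absent from the filter is flagged as never seen.

```python
import hashlib
import math
from typing import Dict, Iterable, List


class BloomFilter:
    """Bit-array Bloom filter; the k index functions are derived from a single
    SHA-256 digest by double hashing (h1 + i*h2 mod m)."""

    def __init__(self, expected_items: int, fp_rate: float) -> None:
        # Standard sizing: m = -n ln(p) / (ln 2)^2 bits, k = (m/n) ln 2 hashes
        m = -expected_items * math.log(fp_rate) / (math.log(2) ** 2)
        self.m = max(8, math.ceil(m))
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: str) -> Iterable[int]:
        digest = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1  # odd step so probes differ
        for i in range(self.k):
            yield (h1 + i * h2) % self.m

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, item: str) -> bool:
        return all(self.bits[pos >> 3] & (1 << (pos & 7))
                   for pos in self._positions(item))


def packet_signature(pkt: Dict) -> str:
    """Canonical packet-content signature: which host talks to which, with
    which function code, on which register range. Field names are hypothetical."""
    return "{src}>{dst}|fc={func}|addr={addr}|cnt={count}".format(**pkt)


def build_signature_db(normal_window: List[Dict],
                       capacity: int = 1000, fp_rate: float = 1e-4) -> BloomFilter:
    """Signature database: insert every signature observed during a window in
    which the system is known to be free of abnormalities."""
    db = BloomFilter(capacity, fp_rate)
    for pkt in normal_window:
        db.add(packet_signature(pkt))
    return db


def detect_unknown(db: BloomFilter, packets: List[Dict]) -> List[int]:
    """Indices of packets whose signature never appeared in the clean window."""
    return [i for i, pkt in enumerate(packets) if packet_signature(pkt) not in db]


# Constructed sample traffic (not the paper's gas pipeline data): an HMI at
# 10.0.0.5 polling a PLC at 10.0.0.10 with Modbus-style function codes.
NORMAL_WINDOW = [
    {"src": "10.0.0.5", "dst": "10.0.0.10", "func": 3, "addr": 0, "count": 10},   # read registers
    {"src": "10.0.0.5", "dst": "10.0.0.10", "func": 1, "addr": 0, "count": 8},    # read coils
    {"src": "10.0.0.5", "dst": "10.0.0.10", "func": 6, "addr": 40, "count": 1},   # write setpoint
    {"src": "10.0.0.10", "dst": "10.0.0.5", "func": 3, "addr": 0, "count": 10},   # response
] * 50  # repetition models the periodic polling cycle

TEST_TRAFFIC = [
    {"src": "10.0.0.5", "dst": "10.0.0.10", "func": 3, "addr": 0, "count": 10},    # seen before
    {"src": "10.0.0.5", "dst": "10.0.0.10", "func": 6, "addr": 40, "count": 1},    # seen before
    {"src": "10.0.0.5", "dst": "10.0.0.10", "func": 16, "addr": 100, "count": 20}, # code/range never seen
    {"src": "10.0.0.99", "dst": "10.0.0.10", "func": 3, "addr": 0, "count": 10},   # host never seen
]


def demo() -> List[int]:
    db = build_signature_db(NORMAL_WINDOW)
    return detect_unknown(db, TEST_TRAFFIC)


if __name__ == "__main__":
    print("flagged packet indices:", demo())  # [2, 3]
```

Two properties of this stage matter in practice. A signature inserted during the clean window is always recognised afterwards, so every alarm raised here is for content genuinely absent from that window; the filter's false positives work the other way round, letting an unseen signature pass as known, which for a detector is a missed detection rather than a false alarm. The fp_rate and capacity arguments therefore bound the miss rate, and the clean window must truly be clean, since anything observed in it is accepted thereafter.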

Highlights

  • Industrial control systems (ICS) are composed of groupings of software, hardware, configurations, networks, links and operators that orchestrate and govern the numerous tasks required to perform complex chores such as the distribution of essential services and the implementation of complex, distinct industrial processes

  • Numerous real-world cases of cyber-attacks affecting these systems have been reported [5], which undoubtedly demonstrates the vulnerabilities of such infrastructures. Even though this issue has been briefly considered by the IT security research community, little work has been carried out to build anomaly detection systems (ADS) that are specific to ICS

  • To preserve generality, we model the network data exchanged between devices in a SCADA network as a time series A = {a(1), a(2), . . . , a(n)}, in which every point a(t) in the series is a k-dimensional vector {a(1t), a(2t), . . . , a(kt)} whose elements correspond to k features that can be extracted from the traffic between the devices
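As an added example (not from the paper) of working with the series A = {a(1), . . . , a(n)} defined above, the Python below applies the first and third steps from the abstract to constructed vectors a(t): per-feature standardization, then the edited nearest-neighbour rule used as undersampling of the majority (normal) class. The two features and all sample values are constructed; the paper's dataset and its k features are not reproduced here.

```python
import math
from typing import Dict, List, Sequence

Vector = Sequence[float]


def standardize(X: List[Vector]) -> List[List[float]]:
    """Per-feature z-score scaling (the 'standardize and scale' preprocessing step)."""
    n, k = len(X), len(X[0])
    means = [sum(x[j] for x in X) / n for j in range(k)]
    stds = [math.sqrt(sum((x[j] - means[j]) ** 2 for x in X) / n) or 1.0
            for j in range(k)]
    return [[(x[j] - means[j]) / stds[j] for j in range(k)] for x in X]


def _euclid(a: Vector, b: Vector) -> float:
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def edited_nearest_neighbours(X: List[Vector], y: List[int],
                              majority_label: int, k: int = 3) -> List[int]:
    """Wilson's edited nearest-neighbour rule used as undersampling: a
    majority-class sample is dropped unless a strict majority of its k nearest
    neighbours (itself excluded) share its label. Minority samples are always
    kept. Returns the indices of the retained samples."""
    keep: List[int] = []
    for i, (xi, yi) in enumerate(zip(X, y)):
        if yi != majority_label:
            keep.append(i)
            continue
        ranked = sorted((_euclid(xi, xj), j) for j, xj in enumerate(X) if j != i)
        agreeing = sum(1 for _, j in ranked[:k] if y[j] == yi)
        if 2 * agreeing > k:
            keep.append(i)
    return keep


# Constructed sample: each a(t) is a k=2 feature vector for one polling
# interval (hypothetical features: normalised pressure reading and commands
# per interval). Label 0 = normal (majority), 1 = attack (minority).
SERIES: List[List[float]] = [
    [0.0, 0.1], [0.1, 0.0], [0.2, 0.1], [0.0, 0.2],
    [0.1, 0.2], [0.3, 0.0], [0.2, 0.3],              # normal cluster (indices 0-6)
    [5.0, 5.1],                                      # noisy 'normal' inside the attack region (index 7)
    [5.0, 5.0], [5.1, 5.2], [4.9, 5.1],              # attack samples (indices 8-10)
]
LABELS: List[int] = [0] * 8 + [1] * 3


def demo(k: int = 3) -> Dict[str, List[int]]:
    Xs = standardize(SERIES)
    kept = edited_nearest_neighbours(Xs, LABELS, majority_label=0, k=k)
    removed = [i for i in range(len(SERIES)) if i not in kept]
    return {"kept": kept, "removed": removed}


if __name__ == "__main__":
    result = demo()
    print("kept:", result["kept"])        # [0, 1, 2, 3, 4, 5, 6, 8, 9, 10]
    print("removed:", result["removed"])  # [7]
```

The rule only ever removes majority-class points that sit among minority-class neighbours, so it cleans the decision boundary without discarding the scarce attack samples; the minority class is left untouched, which is why it is paired with a later learner rather than used as a classifier on its own.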

Summary

INTRODUCTION

Industrial control systems (ICS) are composed of groupings of software, hardware, configurations, networks, links and operators that orchestrate and govern the numerous tasks required to perform complex chores such as the distribution of essential services and the implementation of complex, distinct industrial processes. To promote greater output and efficient remote control, smart information and communication technologies (ICT) have been broadly merged into ICS, where most modules are long-lived, not secure by design, and difficult to upgrade. This evolution of ICS creates a coupling between the cyber world and the physical world and exposes them to cyber-attacks. Numerous real-world cases of cyber-attacks affecting these systems have been reported [5], which undoubtedly demonstrates the vulnerabilities of such infrastructures. Even though this issue has been briefly considered by the IT security research community, little work has been carried out to build anomaly detection systems (ADS) that are specific to ICS. Anomaly detection in ICS cannot rely merely on network protocol information; additional data related to the control of the physical process also needs to be inspected.

RELATED WORK
PROBLEM STATEMENT
LEVEL 1
LEVEL 2
EVALUATION
TRAINING AND CLASSIFICATION AT THE DE LEVEL
ADVANTAGES OF PROPOSED METHOD
CONCLUSION AND FUTURE WORK