ICS Cyber Attack Analysis and a New Diagnosis Approach

Abstract

Artificial Intelligence and Machine Learning technologies have a widespread use in many disciplines thanks to raw data processing and computational power. The capabilities of these technologies will enable the identification of legal and illegal traffic/behavior by classifying these data rapidly and without damaging the continuity of the system through the high amount of network traffic/behavior, which is one of the biggest problems in the field of cyber security. In this respect, artificial intelligence and machine learning technologies will provide valuable contributions in protecting Industrial Control Systems (ICS), which play an important role in the control of critical infrastructures such as electrical power generation-transmission-distribution systems, nuclear power plants, gas and water, against cyber-attack. In this study, it is aimed to reveal the anatomy of the attacks by executing denial of service, Start/Stop, and the man in the middle attacks to PLCs, an important component of ICS. In the test environment created in the study, the attacks on the real two types of PLCs were analyzed. The analyzes focused to obtain the rule sequences, which can be used by the artificial intelligence and machine learning technologies, by benefitting from data sets obtained in the test environment. In this way, a new security approach has been created for ICS. The results also revealed the importance of PLCs’ vulnerability to attacks and the continuous monitoring of the network in order to detect and identify the attacks as soon as possible and to protect the ICS and to maintain its continuous functioning.