Abstract
Currently, most anomaly detection approaches in industrial control systems (ICSs) use network event logs to build models, and current unsupervised machine learning methods rarely use spatiotemporal correlations and other dependencies between multiple variables (sensors/actuators) in a system to detect anomalies. Most existing anomaly detection technologies simply compare the current states with the predicted normal range, which is insufficient given the highly dynamic characteristics of industrial control systems. As a result, these approaches have low detection rates for unknown or new types of attacks. In view of these shortcomings, this paper presents a network model for predicting sensor/controller parameters in industrial control systems. To predict the parameter values of the sensors and controllers more accurately, the 1D convolutional neural network (1D_CNN) and gated recurrent unit (GRU) are combined to fully learn the spatiotemporal correlation and other dependencies between the parameter values of the sensors and controllers at each moment. An abnormal state detection method based on the calculation of the statistical deviation is proposed to realize the anomaly detection of industrial control systems. The model is validated on the Secure Water Treatment (SWaT) dataset, with precision, recall and F1 score used to evaluate the effectiveness of the method. The experimental results show that the average precision and recall of this method are 0.99 and 0.85, respectively, and that the average F1 score is 0.91. They also show that the proposed method can be successfully applied to anomaly detection systems in industrial control systems with lower false positive rates.
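The abstract's two-stage idea (predict each sensor value, then flag statistically unusual deviations from the prediction) can be sketched as follows. This is an added example, not the paper's code: the z-score rule, the threshold `k`, the persistence `window`, and all data are assumptions, and `pred` merely stands in for the output of a trained predictor.

```python
import statistics

def fit_residual_stats(observed, predicted):
    """Per-channel mean and std of (observed - predicted) on attack-free data."""
    stats = []
    for ch in range(len(observed[0])):
        res = [o[ch] - p[ch] for o, p in zip(observed, predicted)]
        stats.append((statistics.mean(res), statistics.pstdev(res) or 1e-9))
    return stats

def detect(observed, predicted, stats, k=3.0, window=3):
    """Flag a step once any channel has deviated > k std for `window` steps in a row."""
    flags, run = [], [0] * len(stats)
    for o, p in zip(observed, predicted):
        for ch, (mu, sd) in enumerate(stats):
            z = abs((o[ch] - p[ch]) - mu) / sd
            run[ch] = run[ch] + 1 if z > k else 0
        flags.append(max(run) >= window)
    return flags

def precision_recall_f1(flags, labels):
    tp = sum(f and l for f, l in zip(flags, labels))
    fp = sum(f and not l for f, l in zip(flags, labels))
    fn = sum(l and not f for f, l in zip(flags, labels))
    p = tp / (tp + fp) if tp + fp else 0.0
    r = tp / (tp + fn) if tp + fn else 0.0
    return p, r, (2 * p * r / (p + r) if p + r else 0.0)

def demo():
    # Constructed data: two channels (level, flow); `pred` stands in for model output.
    noise = [0.1, -0.1, 0.05, -0.05]
    cal_pred = [[50.0 + t, 2.0] for t in range(20)]
    cal_obs = [[p[0] + noise[t % 4], p[1] + noise[(t + 1) % 4]]
               for t, p in enumerate(cal_pred)]
    stats = fit_residual_stats(cal_obs, cal_pred)
    pred = [[70.0 + t, 2.0] for t in range(12)]
    obs = [[p[0] + noise[t % 4], p[1] + noise[(t + 1) % 4]]
           for t, p in enumerate(pred)]
    obs[1][1] += 1.0                 # one-step glitch, not an attack
    for t in range(4, 10):
        obs[t][0] += 2.0             # constructed attack: level reading offset
    labels = [4 <= t <= 9 for t in range(12)]
    flags = detect(obs, pred, stats)
    return flags, precision_recall_f1(flags, labels)

if __name__ == "__main__":
    flags, (p, r, f1) = demo()
    print(flags, round(p, 2), round(r, 2), round(f1, 2))
```

On this constructed trace the persistence window suppresses the single-step glitch (no false positive) at the cost of missing the first two attack steps, which is why precision stays at 1.0 while recall drops.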
Highlights
Industrial control systems (ICSs), such as SCADA, DCS and programmable logic controllers (PLCs), have been widely used in industry, energy, transportation, water conservancy, municipal, and other national key infrastructure fields and are the core part of industrial automation [1].
Compared with the model based on the DNN, the model based on the stacked denoising autoencoder (SDA) and 1D convolutional neural network (1D_CNN) increases precision by 1.3% and has a much better recall rate, with recall increased by 17%, so the F1 scores of the two models differ by nearly 11%.
To fully use the spatiotemporal correlations and other dependencies between multiple variables in a system to detect anomalies, a model based on the SDA combined with the 1D_CNN and gated recurrent unit (GRU) was introduced and applied to abnormal state detection on the Secure Water Treatment (SWaT) dataset. It successfully detected multiple types of attacks on the physical control level of the industrial control system and achieved a higher precision and recall rate, improving the F1 score of the detection system.
Summary
Industrial control systems (ICSs), such as SCADA, DCS and PLC, have been widely used in industry, energy, transportation, water conservancy, municipal, and other national key infrastructure fields and are the core part of industrial automation [1]. Kurt et al. [12] modeled a power grid system as a discrete-time linear dynamic system and proposed a distributed dynamic state estimation algorithm based on a Kalman filter to estimate the system state, which greatly reduced the response time of the detector to structural and random attacks and improved the detection accuracy. Although these methods can greatly improve the accuracy of anomaly detection, the models are difficult to build, because doing so requires an in-depth understanding of the physical system and familiarity with the control process of the system [12]. A higher F1 score for anomaly detection on the SWaT dataset when using our method