Abstract
In recent decades, Industrial Control Systems (ICS) have been affected by heterogeneous cyberattacks that have a huge impact on the physical world and on people's safety. Nowadays, the techniques achieving the best performance in the detection of cyber anomalies are based on Machine Learning and, more recently, Deep Learning. Because cybersecurity research in ICS is still at an incipient stage, the datasets available for evaluating anomaly detection techniques are insufficient. In this paper, we propose a methodology to generate reliable anomaly detection datasets in ICS that consists of four steps: attack selection, attack deployment, traffic capture and feature computation. The proposed methodology has been used to generate the Electra dataset, whose main goal is the evaluation of cybersecurity techniques in an electric traction substation used in the railway industry. Using the Electra dataset, we train several Machine Learning and Deep Learning models to detect anomalies in ICS; the experiments performed show that the models have high precision and, therefore, demonstrate the suitability of our dataset for use in production systems.
Highlights
Industrial Control Systems (ICS) are in charge of carrying out the management and supervision of industrial processes performed by critical infrastructures in industries such as electric, water, natural gas or chemical [1].
In the case of false data injection attacks, we propose two different sets of attacks: 1) those that create packets to perform spurious writes or reads in valid memory addresses of a Programmable Logic Controller (PLC); 2) those that maliciously modify existing packets with the goal of altering the data returned by the slave, forcing an error in the response returned by the slave, or changing the command message sent by the master.
The subsets have been generated from a realistic electric traction substation, presenting a novel scenario focused on anomaly detection in ICS.
Summary
Industrial Control Systems (ICS) are in charge of carrying out the management and supervision of industrial processes performed by critical infrastructures in industries such as electric, water, natural gas or chemical [1]. The performance of detection techniques is measured using datasets that contain relevant data (network traffic, sensor and actuator logs, or features derived from those sources) of an ICS scenario where several attacks are running. In this context, the quality of the datasets is key to evaluating the different detection techniques. As a result of our methodology, we created a new publicly available ICS dataset called Electra [8], which has been generated from the network traffic of an electric traction substation operating both under normal conditions and under attack.