Online Parallel Attack Detection Method for Industrial Control Based on Multi-Bandpass Filter

Abstract

Unlike conventional IT systems, industrial control systems (ICS) requires tailored attack detection methods due to its unique communication protocols. Existing attack detection methods lack the ability to consider both detection accuracy and time performance, particularly for highly stealthy fake data injection attacks (FDIA). To address these challenges, this work proposes an online parallel attack detection method for ICS based on multi-bandpass filter. By building multiple adaptive filters based on energy equilibrium and time-frequency domain data transformation, we implement multi-frequency band data segmentation. Hierarchical temporal memory (HTM) models are employed to parallelly fit the segmented data and detect anomalies. Simulation experiments demonstrate that our method outperforms the state-of-the-art Numenta method, achieving a 9% higher detection accuracy while reducing detection time to just 1/14 of Numenta’s. These results highlight the significant advantages of our method in striking a balance between detection accuracy and time performance. Our proposed method fills the gap in ICS attack detection and offers substantial improvements over existing techniques.