Abstract
Following a number of attacks such as Stuxnet and BlackEnergy that targeted the control systems of critical infrastructure, the importance of strengthening the security of facilities such as industrial CPS (Cyber Physical Systems) has become clear. In this paper, reflecting the characteristics of industrial CPS, we propose a packet diversity-based anomaly detection model that can be trained and can perform detection more effectively than existing anomaly detection systems. To enhance the sensitivity of the detection model, the proposed detection system groups the data of an industrial CPS into packet structures based on features of the packet header and constructs a detection model for each group. The proposed detection system targets single-packet anomaly detection to cope with threats such as injection attacks, malformed packets used in fuzzing, and others. For the architecture of the anomaly detection system, we consider a structure that applies both a whitelist and a learning-based detection model. We also propose measuring packet diversity, using the payload variation of packets and entropy-based uncertainty, to select which learning-based detection model is appropriate for a dataset. As learning-based detection models, the anomaly detection system uses a model constructed with the well-known learning method OCSVM (One-Class SVM) and a newly proposed representative detection model designed to address the limitation of OCSVM.
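The grouping and diversity measurement described in the abstract can be illustrated as follows; this is an added example, not code from the paper. The header features used as the group key (function code and payload length), the two metric definitions (distinct-payload ratio and mean per-byte-position Shannon entropy), and all sample packets are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample traffic: (function_code, payload). The two-field "header"
# and every value here are assumptions made for this illustration.
TRAINING = [
    (3, bytes([0x00, 0x10, 0x00, 0x02])),
    (3, bytes([0x00, 0x10, 0x00, 0x02])),
    (3, bytes([0x00, 0x10, 0x00, 0x02])),
    (3, bytes([0x00, 0x10, 0x00, 0x02])),
    (16, bytes([0x00, 0x20, 0x01, 0x0A])),
    (16, bytes([0x00, 0x20, 0x01, 0x3C])),
    (16, bytes([0x00, 0x20, 0x02, 0x5E])),
    (16, bytes([0x00, 0x20, 0x03, 0x71])),
]

def structure_key(func, payload):
    """Group key from header features (assumed: function code + payload length)."""
    return (func, len(payload))

def shannon_entropy(values):
    """Shannon entropy, in bits, of the empirical distribution of values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def group_packets(packets):
    """Partition payloads by packet structure so each group gets its own model."""
    groups = defaultdict(list)
    for func, payload in packets:
        groups[structure_key(func, payload)].append(payload)
    return dict(groups)

def diversity(payloads):
    """Return (payload variation, mean per-byte-position entropy in bits)."""
    variation = len(set(payloads)) / len(payloads)
    columns = list(zip(*payloads))  # payloads in one group share a length
    if not columns:                 # header-only packets carry no payload bytes
        return variation, 0.0
    return variation, sum(shannon_entropy(c) for c in columns) / len(columns)

def structure_whitelisted(groups, func, payload):
    """Whitelist stage: a structure never seen in training is anomalous outright."""
    return structure_key(func, payload) in groups

if __name__ == "__main__":
    groups = group_packets(TRAINING)
    for key, payloads in sorted(groups.items()):
        v, h = diversity(payloads)
        print(key, f"variation={v:.2f} mean_entropy={h:.3f} bits")
    print(structure_whitelisted(groups, 43, b"\x0e\x01"))
```

The fixed-payload group scores zero on both measures, while the group with changing trailing bytes scores high, which is the kind of per-group signal a diversity-based model selection would consume.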