Probabilistic models-based intrusion detection using sequence characteristics in control system communication

Abstract

The importance of cyber security has increased with the networked and highly complex structure of computer systems, and the increased value of information. Traditionally, control systems did not use networked communication systems. So, the cyber security was not important for the control systems. The networked control systems such as an intelligent distribution network system are appearing, and the cyber security will become very important for the control systems in the near future. However, we have few actual cyber attacks against the control systems. The intrusion detection should be developed by using only normal control system communication. In this paper, we compare conditional random field-based intrusion detection with the other probabilistic models-based intrusion detection. These methods use the sequence characteristics of network traffic in the control system communication. The learning only utilizes normal network traffic data, assuming that there is no prior knowledge on attacks in the system. We applied these two probabilistic models to intrusion detection in DARPA data and an experimental control system network and compared the differences in the performance.