Abstract

Critical infrastructures (CIs) are highly susceptible to cyber threats due to their crucial role in the nation and society. Intrusion Detection Systems (IDS) are deployed at the process level to enhance CI security. These process-level IDSs are broadly categorized into univariate and multivariate systems. Our research underscores that both types of systems encounter limitations, especially in handling correlations among process variables (PVs). Univariate IDSs neglect correlations by assessing PVs in isolation, while multivariate IDSs capture these correlations but are vulnerable to evasion attacks. In response, we introduce ProIDS, a novel segmentation- and segregation-based process-level IDS. ProIDS leverages the inherent correlations among PVs while segregating them into distinct units to enhance security against evolving threats. This strategic approach ensures the capture of correlations and mitigates the risk of evasion attacks, enhancing the system’s ability to detect abnormal activities. Additionally, ProIDS offers non-parametric modeling for heightened performance, minimal computational overhead, and noise reduction properties. Our comprehensive experiments demonstrate ProIDS’s superiority over baseline methods, delivering precise detection of various attacks while maintaining operational efficiency.
