A three-tiered intrusion detection system for industrial control systems

2021, Vol 7 (1)
Author(s): Eirini Anthi, Lowri Williams, Pete Burnap, Kevin Jones

Abstract: This article presents a three-tiered intrusion detection system, which uses a supervised approach to detect cyber-attacks in industrial control systems networks. The proposed approach does not only aim to identify malicious packets on the network but also attempts to identify the general and finer-grained attack type occurring on the network. This is key in the industrial control systems environment as the ability to identify exact attack types will lead to an increased response rate to the incident and the defence of the infrastructure. More specifically, the proposed system consists of three stages that aim to classify: (i) whether packets are malicious; (ii) the general attack type of malicious packets (e.g. Denial of Service); and (iii) finer-grained cyber-attacks (e.g. bad cyclic redundancy check attack). The effectiveness of the proposed intrusion detection system is evaluated on network data collected from a real industrial gas pipeline system. In addition, an insight is provided as to which features are most relevant in detecting such malicious behaviour. The performance of the system results in an F-measure of: (i) 87.4%, (ii) 74.5% and (iii) 41.2%, for each of the layers, respectively. This demonstrates that the proposed architecture can successfully distinguish whether network activity is malicious and detect which general attack was deployed.

2018, Vol 14 (8), pp. 155014771879461
Author(s): Yan Hu, An Yang, Hong Li, Yuyan Sun, Limin Sun

The modern industrial control systems now exhibit an increasing connectivity to the corporate Internet technology networks so as to make full use of the rich resource on the Internet. The increasing interaction between industrial control systems and the outside Internet world, however, has made them an attractive target for a variety of cyber attacks, raising a great need to secure industrial control systems. Intrusion detection technology is one of the most important security precautions for industrial control systems. It can effectively detect potential attacks against industrial control systems. In this survey, we elaborate on the characteristics and the new security requirements of industrial control systems. After that, we present a new taxonomy of intrusion detection systems for industrial control systems based on different techniques: protocol analysis based, traffic mining based, and control process analysis based. In addition, we analyze the advantages and disadvantages of different categories of intrusion detection systems and discuss some future developments of intrusion detection systems for industrial control systems, in order to promote further research on intrusion detection technology for industrial control systems.


Author(s): Matthew Canham, Stephen M. Fiore, Bruce D. Caulkins

Cyber-attacks are a common aspect of modern life. While cyber based attacks can expose private information or shut down online services, some of the most potentially dangerous attacks change the sensor and control data utilized by Industrial Control Systems for the intended purpose of causing severe damage to the technical processes that these systems control. The damage caused by the Stuxnet worm is one of the most infamous examples of this type of attack. Because only the most advanced levels of adversaries are able to mount successful attacks against these systems, detecting them is extremely challenging. Automated detection systems have not yet evolved to the point of being capable of consistently and successfully detecting these attacks, and for this reason, human operators will need to be involved in Industrial Control Systems protection for the foreseeable future. We propose several potential training-based solutions to aid the defense of these systems.


Author(s): C. Özarpa, İ. Avcı, B. F. Kınacı, S. Arapoğlu, S. A. Kara

Abstract. There are regular developments and changes in cities. Developments in cities have affected transportation, and traffic control tools have changed. Traffic signs and traffic lights have been used to direct pedestrians and vehicles correctly. Traffic light control systems are used to ensure the safety of vehicles and pedestrians, increase the fluency in traffic, guide them in transportation, warn pedestrians and drivers, and regulate and control transportation disruptions. In order to facilitate people's lives, it is desired to control the traffic components autonomously with the developments in autonomous systems. Cyber threats arise due to the active use of the internet and signals or frequencies in the use of modules that will provide communication with traffic lights, traffic signs, and vehicles, which are traffic components at the intersections of many roads in the control of central systems. The study is limited to smart traffic lights, which are traffic components. If we examine the cyber-attacks, we can see that Malware Attacks, Buffer Overflow Attacks, DoS attacks, and Jamming Attacks can be made. Network-Based Intrusion Detection Systems and Host-Based Intrusion Detection Systems can be used to detect and stop Malware Attacks, Buffer Overflow Attacks, DoS attacks, and Jamming Attacks. Intrusion detection systems tell us whether the data poses a threat or does not pose after the data passing through the system is examined. In this way, system protection is ensured by controlling the data traffic in the system.


Author(s): Claudia ARAUJO MACEDO, Jos MENTING

Cybersecurity in industrial control system environments has become a significant concern and is even more relevant in the context of critical infrastructures where control system disruption could have a profound impact on health, safety and the environment. This makes this type of system a major target for malicious activities. Notwithstanding an organization’s interest in protecting its industrial control systems against cyber-attacks, the implementation of security measures, whether technical, organizational or human, still faces resistance and is often seen as a constraint. Using the best technology to protect industrial control systems makes no sense if persons with access do not act attentively and protectively. Technical and human cybersecurity measures are intrinsically linked, and it is essential that all persons with access to these systems are fully aware of the inherent cyber risks. Organizations must also act so that staff receive appropriate training on how to keep systems continuously protected against cyber-attack when carrying out their daily tasks. These educational processes can contribute to building an effective cybersecurity culture fully reflective of management and staff attitudes, so that the availability, integrity and confidentiality of information in industrial control systems can be assured.


2021, Vol 2021, pp. 1-14
Author(s): Chao Wang, Bailing Wang, Yunxiao Sun, Yuliang Wei, Kai Wang, ...

The security of industrial control systems (ICSs) has received a lot of attention in recent years. ICSs were once closed networks. But with the development of IT technologies, ICSs have become connected to the Internet, increasing the potential of cyberattacks. Because ICSs are so tightly linked to human lives, any harm to them could have disastrous implications. As a technique of providing protection, many intrusion detection system (IDS) studies have been conducted. However, because of the complicated network environment and rising means of attack, it is difficult to cover all attack classes; most of the existing classification techniques are hard to deploy in a real environment since they cannot deal with the open set problem. We propose a novel artificial neural network-based methodology to solve this problem. Our suggested method can classify known classes while also detecting unknown classes. We conduct research from two points of view. On the one hand, we use the openmax layer instead of the traditional softmax layer. Openmax overcomes the limitations of softmax, allowing neural networks to detect unknown attack classes. During training, on the other hand, a new loss function termed center loss is implemented to improve detection ability. The neural network model learns better feature representations with the combined supervision of center loss and softmax loss. We evaluate the neural network on NF-BoT-IoT-v2 and Gas Pipeline datasets. The experiments show our proposed method is comparable with the state-of-the-art algorithm in terms of detecting unknown classes. But our method has a better overall classification performance.


2018, Vol 7 (2.14), pp. 145
Author(s): Qais Saif Qassim, Norziana Jamil, Razali Jidin, Mohd Ezanee Rusli, Md Nabil Ahmad Zawawi, ...

Supervisory Control and Data Acquisition (SCADA) system is the underlying control system of most national critical infrastructures such as power, energy, water, transportation and telecommunication. In order to understand the potential threats to these infrastructures and the mechanisms to protect them, different types of cyber-attacks applicable to these infrastructures need to be identified. Therefore, there is a significant need to have a comprehensive understanding of various types of cyber-attacks and their classification associated with both Operation Technology (OT) and Information Technology (IT). This paper presents a comprehensive review of existing cyber-attack taxonomies available in the literature and evaluates these taxonomies based on defined criteria.

