scholarly journals MADICS: A Methodology for Anomaly Detection in Industrial Control Systems

Symmetry ◽  
2020 ◽  
Vol 12 (10) ◽  
pp. 1583
Author(s):  
Ángel Luis Perales Gómez ◽  
Lorenzo Fernández Maimó ◽  
Alberto Huertas Celdrán ◽  
Félix J. García Clemente
Keyword(s):  
Deep Learning ◽  
Water Treatment ◽  
Anomaly Detection ◽  
Control Systems ◽  
Learning Algorithms ◽  
Treatment Plant ◽  
Cyber Attacks ◽  
Fine Tuning ◽  
Industrial Control ◽  
Industrial Control Systems

Industrial Control Systems (ICSs) are widely used in critical infrastructures to support the essential services of society. Therefore, their protection against terrorist activities, natural disasters, and cyber threats is critical. Diverse cyber attack detection systems have been proposed over the years, in which each proposal has applied different steps and methods. However, there is a significant gap in the literature regarding methodologies to detect cyber attacks in ICS scenarios. The lack of such methodologies prevents researchers from being able to accurately compare proposals and results. In this work, we present a Methodology for Anomaly Detection in Industrial Control Systems (MADICS) to detect cyber attacks in ICS scenarios, which is intended to provide a guideline for future works in the field. MADICS is based on a semi-supervised anomaly detection paradigm and makes use of deep learning algorithms to model ICS behaviors. It consists of five main steps, focused on pre-processing the dataset to be used with the machine learning and deep learning algorithms; performing feature filtering to remove those features that do not meet the requirements; feature extraction processes to obtain higher order features; selecting, fine-tuning, and training the most appropriate model; and validating the model performance. In order to validate MADICS, we used the popular Secure Water Treatment (SWaT) dataset, which was collected from a fully operational water treatment plant. The experiments demonstrate that, using MADICS, we can achieve a state-of-the-art precision of 0.984 (as well as a recall of 0.750 and F1-score of 0.851), which is above the average of other works, proving that the proposed methodology is suitable for use in real ICS scenarios.

scholarly journals Detecting Vulnerabilities in Critical Infrastructures by Classifying Exposed Industrial Control Systems Using Deep Learning

2021 ◽  
Vol 11 (1) ◽  
pp. 367
Author(s):  
Pablo Blanco-Medina ◽  
Eduardo Fidalgo ◽  
Enrique Alegre ◽  
Roberto A. Vasco-Carofilis ◽  
Francisco Jañez-Martino ◽  
...  
Keyword(s):  
Deep Learning ◽  
Control Systems ◽  
Transfer Learning ◽  
Critical Infrastructure ◽  
Fine Tuning ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Monitoring Protocols ◽  
Available Information ◽  
Specific Control

Industrial control systems depend heavily on security and monitoring protocols. Several tools are available for this purpose, which scout vulnerabilities and take screenshots of various control panels for later analysis. However, they do not adequately classify images into specific control groups, which is crucial for security-based tasks performed by manual operators. To solve this problem, we propose a pipeline based on deep learning to classify snapshots of industrial control panels into three categories: internet technologies, operation technologies, and others. More specifically, we compare the use of transfer learning and fine-tuning in convolutional neural networks (CNNs) pre-trained on ImageNet to select the best CNN architecture for classifying the screenshots of industrial control systems. We propose the critical infrastructure dataset (CRINF-300), which is the first publicly available information technology (IT)/operational technology (OT) snapshot dataset, with 337 manually labeled images. We used the CRINF-300 to train and evaluate eighteen different pipelines, registering their performance under CPU and GPU environments. We found out that the Inception-ResNet-V2 and VGG16 architectures obtained the best results on transfer learning and fine-tuning, with F1-scores of 0.9832 and 0.9373, respectively. In systems where time is critical and the GPU is available, we recommend using the MobileNet-V1 architecture, with an average time of 0.03 s to process an image and with an F1-score of 0.9758.

scholarly journals FALCON: Framework for Anomaly Detection in Industrial Control Systems

Electronics ◽  
2020 ◽  
Vol 9 (8) ◽  
pp. 1192 ◽  
Author(s):  
Subin Sapkota ◽  
A K M Nuhil Mehdy ◽  
Stephen Reese ◽  
Hoda Mehrpouyan
Keyword(s):  
Water Treatment ◽  
Anomaly Detection ◽  
Control Systems ◽  
Short Term Memory ◽  
Critical Infrastructure ◽  
Attack Detection ◽  
Support Vector ◽  
Physical Processes ◽  
Industrial Control ◽  
Industrial Control Systems

Industrial Control Systems (ICS) are used to control physical processes in critical infrastructure. These systems are used in a wide variety of operations such as water treatment, power generation and distribution, and manufacturing. While the safety and security of these systems are of serious concern, recent reports have shown an increase in targeted attacks aimed at manipulating physical processes to cause catastrophic consequences. This trend emphasizes the need for algorithms and tools that provide resilient and smart attack detection mechanisms to protect ICS. In this paper, we propose an anomaly detection framework for ICS based on a deep neural network. The proposed methodology uses dilated convolution and long short-term memory (LSTM) layers to learn temporal as well as long term dependencies within sensor and actuator data in an ICS. The sensor/actuator data are passed through a unique feature engineering pipeline where wavelet transformation is applied to the sensor signals to extract features that are fed into the model. Additionally, this paper explores four variations of supervised deep learning models, as well as an unsupervised support vector machine (SVM) model for this problem. The proposed framework is validated on Secure Water Treatment testbed results. This framework detects more attacks in a shorter period of time than previously published methods.

scholarly journals Industrial Anomaly Detection and Attack Classification Method Based on Convolutional Neural Network

2019 ◽  
Vol 2019 ◽  
pp. 1-11 ◽  
Author(s):  
Yingxu Lai ◽  
Jingwen Zhang ◽  
Zenghui Liu
Keyword(s):  
Neural Network ◽  
Deep Learning ◽  
Anomaly Detection ◽  
Convolutional Neural Network ◽  
Control Systems ◽  
Mapping Method ◽  
Learning Method ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Scada System

The massive use of information technology has brought certain security risks to the industrial production process. In recent years, cyber-physical attacks against industrial control systems have occurred frequently. Anomaly detection technology is an essential technical means to ensure the safety of industrial control systems. Considering the shortcomings of traditional methods and to facilitate the timely analysis and location of anomalies, this study proposes a solution based on the deep learning method for industrial traffic anomaly detection and attack classification. We use a convolutional neural network deep learning representation model as the detection model. The original one-dimensional data are mapped using the feature mapping method to make them suitable for model processing. The deep learning method can automatically extract critical features and achieve accurate attack classification. We performed a model evaluation using real network attack data from a supervisory control and data acquisition (SCADA) system. The experimental results showed that the proposed method met the anomaly detection and attack classification needs of a SCADA system. The proposed method also promotes the application of deep learning methods in industrial anomaly detection.

Detecting cyberattacks using anomaly detection in industrial control systems: A Federated Learning approach

2021 ◽  
Vol 132 ◽  
pp. 103509
Author(s):  
Truong Thu Huong ◽  
Ta Phuong Bac ◽  
Dao Minh Long ◽  
Tran Duc Luong ◽  
Nguyen Minh Dan ◽  
...  
Keyword(s):  
Anomaly Detection ◽  
Control Systems ◽  
Learning Approach ◽  
Industrial Control ◽  
Industrial Control Systems

Building a Cybersecurity Culture in the Industrial Control System Environment

2019 ◽  
Vol 8 (1) ◽  
pp. 39-44
Author(s):  
Claudia ARAUJO MACEDO ◽  
Jos MENTING
Keyword(s):  
Control System ◽  
Control Systems ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Industrial Control System ◽  
Security Measures ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
System A ◽  
Educational Processes

Cybersecurity in industrial control system environments has become a significant concern and is even more relevant in the context of critical infrastructures where control system disruption could have a profound impact on health, safety and the environment. This makes this type of system a major target for malicious activities. Notwithstanding an organization’s interest in protecting its industrial control systems against cyber-attacks, the implementation of security measures, whether technical, organizational or human, still faces resistance and is often seen as a constraint. Using the best technology to protect industrial control systems makes no sense if persons with access do not act attentively and protectively. Technical and human cybersecurity measures are intrinsically linked, and it is essential that all persons with access to these systems are fully aware of the inherent cyber risks. Organizations must also act so that staff receive appropriate training on how to keep systems continuously protected against cyber-attack when carrying out their daily tasks. These educational processes can contribute to building an effective cybersecurity culture fully reflective of management and staff attitudes, so that the availability, integrity and confidentiality of information in industrial control systems can be assured.

Sign in / Sign up

Export Citation Format

Share Document