Abstract | ||
---|---|---|
Anomaly detection for industrial control systems (ICS) can leverage process data to detect malicious deviations from expected process behavior. We propose state-aware anomaly detection that uses state-dependent detection thresholds, which provide tighter constraints for an attacker trying to manipulate the process. In particular, our system provides: (i) estimation of the system state from knowledge of the network and the physical process, (ii) a state-aware cumulative sum of residuals for monitoring the industrial control system, and (iii) a novel state-aware anomaly detection technique. We implement and evaluate our anomaly detection technique on a real-world ICS. We pre-compute the process-state parameters using a big data framework for ICS and train the detector leveraging more than 120 GB of historical data from the ICS. The results show that the proposed method improves on prior work by providing a shorter time-to-detect for attacks while generating fewer false alarms.
|
Year | DOI | Venue |
---|---|---|
2018 | 10.1145/3167132.3167305 | SAC 2018: Symposium on Applied Computing, Pau, France, April, 2018 |
Keywords | Field | DocType |
Industrial Control System, Anomaly Detection, Process State, Residual, CUSUM | Residual, CUSUM, Anomaly detection, State dependent, Process state, Computer science, Real-time computing, Industrial control system, Big data, Detector | Conference |
ISBN | Citations | PageRank |
978-1-4503-5191-1 | 4 | 0.40 |
References | Authors | |
13 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Hamid Reza Ghaeini | 1 | 30 | 3.62 |
Daniele Antonioli | 2 | 39 | 4.36 |
Franz Ferdinand Brasser | 3 | 214 | 14.51 |
Ahmad-reza Sadeghi | 4 | 5463 | 334.69 |
Nils Ole Tippenhauer | 5 | 555 | 50.95 |