Title
State-aware anomaly detection for industrial control systems.
Abstract
Anomaly detection for industrial control systems (ICS) can leverage process data to detect malicious derivations from expected process behavior. We propose state-aware anomaly detection that uses state dependent detection thresholds, which provide tighter constraints for an attacker trying to manipulate the process. In particular, our system provides: (i) estimation of system state from the knowledge of the network and the physical process (ii) a state-aware cumulative sum of residuals for monitoring the industrial control system (iii) and a novel state-aware anomaly detection technique. We implement and evaluate our anomaly detection technique on a real-world ICS. We pre-compute the process-state parameters using a big data framework for ICS and train the detector leveraging more than 120 GB of historical data from the ICS. The results show that the proposed method improves prior works by providing less time-to-detect of attacks while generating fewer false alarms.
Year: 2018
DOI: 10.1145/3167132.3167305
Venue: SAC 2018: Symposium on Applied Computing Pau France April, 2018
Keywords: Industrial Control System, Anomaly Detection, Process State, Residual, CUSUM
Field: Residual, CUSUM, Anomaly detection, State dependent, Process state, Computer science, Real-time computing, Industrial control system, Big data, Detector
DocType: Conference
ISBN: 978-1-4503-5191-1
Citations: 4
PageRank: 0.40
References: 13
Authors: 5
Name                      Order  Citations  PageRank
Hamid Reza Ghaeini        1      30         3.62
Daniele Antonioli         2      39         4.36
Franz Ferdinand Brasser   3      214        14.51
Ahmad-reza Sadeghi        4      5463       334.69
Nils Ole Tippenhauer      5      555        50.95