Machine learning for intrusion detection in industrial control systems: challenges and lessons from experimental evaluation

Cited by: 36
Authors
Raman, Gauthama M. R. [1]
Ahmed, Chuadhry Mujeeb [2]
Mathur, Aditya [1]
Affiliations
[1] Singapore Univ Technol & Design SUTD, iTrust, 8 Somapah Rd, Singapore 487372, Singapore
[2] Univ Strathclyde, 16 Richmond St, Glasgow G1 1XQ, Lanark, Scotland
Funding
National Research Foundation, Singapore;
Keywords
Industrial control systems; ICS security; Machine learning; Intrusion detection; Testbed and experimental Study; NEURAL-NETWORK; HYPERGRAPH;
DOI
10.1186/s42400-021-00095-5
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
A gradual increase in the number of successful attacks against Industrial Control Systems (ICS) has led to an urgent need to create defense mechanisms for accurate and timely detection of the resulting process anomalies. Towards this end, a class of anomaly detectors, created using data-centric approaches, is gaining attention. Using machine learning algorithms, such approaches can automatically learn the process dynamics and control strategies deployed in an ICS. The use of these approaches leads to relatively easier and faster creation of anomaly detectors compared to the use of design-centric approaches that are based on plant physics and design. Despite the advantages, there exist significant challenges and implementation issues in the creation and deployment of detectors generated using machine learning for city-scale plants. In this work, we enumerate and discuss such challenges. Also presented is a series of lessons learned in our attempt to meet these challenges in an operational plant.
Pages: 12