Malicious Anomaly Detection Approaches Robustness in Manufacturing ICSs

For the past decade, manufacturing Industrial Control Systems (ICSs) have suffered from targeted attacks against their physical system and their control integrity, resulting in financial and material losses. Among protective answers to this malicious threat, Anomaly Detection Systems (ADS) based on behavioral models of the ICS are highly regarded for their ability to detect zero-day attacks. However, the design of accurate and non-obsolescent detection models is not as an easy task in a constantly changing ICS environment. Thus, this paper provides an overview of the behavioral ADSs detection flaws issued from the ICS unpredictable management and its heterogeneous environment. Behavioral models will be introduced in light of four attributes: their design method, the modeled ICS behavior, the lifecycle of the design and the model nature. Then, each of these attributes will be discussed in regard of their detection robustness to the different environmental factors and uncertainties they are affected by. Copyright (C) 2021 The Authors.