On the practical integration of anomaly detection techniques in industrial control applications
International Journal of Critical Infrastructure Protection (IF 4.1), Pub Date: 2018-10-26, DOI: 10.1016/j.ijcip.2018.10.008
Piroska Haller, Béla Genge, Adrian-Vasile Duka

Despite significant advances made on anomaly detection systems, few reports are found documenting their practical integration into the industrial realm. Furthermore, the literature reports a wide range of complex detection strategies, which may require hardware changes/updates in order to be supported by critical industrial equipment such as industrial controllers (e.g., Programmable Logic Controllers). To address these issues, this paper documents a systematic methodology for the practical integration of lightweight anomaly detection algorithms into industrial control applications. It shows that industrial controllers, and in particular the scheduling rate of user programs, are sensitive to network traffic-based disturbances. Therefore, the methodology embraces the task scheduling rates found in control applications, and their deviation from the “normal” behavior. It designs a “monitoring” task, and an innovative algorithm for detecting abnormal task scheduling rates by leveraging the cumulative sum model (CUSUM) and a regression strategy applied on a specific time interval. Essentially, the approach enhances the industrial controller with a “security module” that can trigger alerts to identify early cyber attacks. The approach is extensively analyzed in the context of two industrial controllers: a Phoenix Contact ILC 350-PN controller, and a Siemens SIMATIC S7-1200 Programmable controller.




Updated: 2018-10-26