A novel online state-based anomaly detection system for process control networks
International Journal of Critical Infrastructure Protection (IF 4.1), Pub Date: 2019-08-31, DOI: 10.1016/j.ijcip.2019.100323
Hamed Farsi, Ali Fanian, Zahra Taghiyarrenani

Industrial control networks are the core part of critical infrastructures such as power grids and oil refineries. In recent years, the number of cyber-attacks on industrial control networks has been growing. Moreover, connecting industrial networks to the public network makes these critical infrastructures more vulnerable to cyber-attacks. Therefore, improving the security of these networks has attracted much attention. To protect industrial control networks, the proposed online method is able to detect anomalies with low computational time and without using prior knowledge about the system or the anomalies. The method can adjust the severity of detection in order to efficiently detect changes which lead to anomalies, and it can adapt to inevitable network changes by updating the anomaly threshold using the latest normal states. The proposed method finds anomalies in the network using high-pass filters and the Euclidean distance between the current state and the latest states. To evaluate the efficiency of the proposed approach, a boiler control system is simulated and three test datasets are derived from this simulation. The proposed intrusion detection system was evaluated on these datasets, as well as on the SWaT dataset. The results show that the proposed approach is not only highly effective at detecting anomalies but also adaptable to normal variations in the network.




Updated: 2019-08-31