4,362 results on '"Industrial Control System"'
Search Results
2. An intrusion response approach based on multi-objective optimization and deep Q network for industrial control systems
- Author
Yue, Yiqun, Zhao, Dawei, Zhou, Yang, Xu, Lijuan, Tang, Yongwei, and Peng, Haipeng
- Published
- 2025
3. The ICS-SEC KG: An Integrated Cybersecurity Resource for Industrial Control Systems
- Author
Kurniawan, Kabul, Kiesling, Elmar, Winkler, Dietmar, Ekelhart, Andreas, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Demartini, Gianluca, editor, Hose, Katja, editor, Acosta, Maribel, editor, Palmonari, Matteo, editor, Cheng, Gong, editor, Skaf-Molli, Hala, editor, Ferranti, Nicolas, editor, Hernández, Daniel, editor, and Hogan, Aidan, editor
- Published
- 2025
4. Active Defense Simulation Evaluation of Industrial Control Systems Based on Attack-Defense Graph
- Author
Xiao, Qun, Yang, Shouguo, Peng, Jiaqian, Bian, Jingfei, Lv, Shichao, Sun, Limin, Shi, Zhiqiang, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Cai, Zhipeng, editor, Takabi, Daniel, editor, Guo, Shaoyong, editor, and Zou, Yifei, editor
- Published
- 2025
5. Explainable and perturbation-resilient model for cyber-threat detection in industrial control systems Networks.
- Author
Izuazu, Urslla Uchechi, Nwakanma, Cosmas Ifeanyi, Kim, Dong-Seong, and Lee, Jae Min
- Subjects
MACHINE learning, INDUSTRIAL controls manufacturing, ARTIFICIAL intelligence, DEEP learning, CYBERTERRORISM
- Abstract
Deep learning-based intrusion detection systems (DL-IDS) have proven effective in detecting cyber threats. However, their vulnerability to adversarial attacks and environmental noise, particularly in industrial settings, limits practical application. Current IDS models often assume ideal conditions, overlooking noise and adversarial manipulations, leading to degraded performance when deployed in real-world environments. Additionally, the black-box nature of DL models complicates decision-making, especially in industrial control systems (ICS) networks, where understanding model behavior is crucial. This paper introduces the eXplainable Cyber-Threat Detection Framework (XC-TDF), a novel solution designed to overcome these challenges. XC-TDF enhances robustness against noise and adversarial attacks using regularization and adversarial training respectively, and also improves transparency through an eXplainable Artificial Intelligence (XAI) module. Simulation results demonstrate its effectiveness, showing resilience to perturbation by achieving commendable accuracy of 100% and 99.4% on the Wustl-IIoT2021 and Edge-IIoT datasets, respectively. Highlights: The paper proposed a perturbation-resilient framework to serve as an additional layer of defense within the Industrial control systems network environment. A unified approach that enhances performance, addressing noise and adversarial vulnerabilities, while improving transparency, and ensuring data integrity is desirable for future generation ICS. Explainable AI (XAI) is promising to stakeholder's trust on the machine learning models and their interpretation or decisions. In this work, the framework integrates an XAI module for global and local insights, aiding ICS operators and security analysts in informed decision-making using SHAP and LIME frameworks. [ABSTRACT FROM AUTHOR]
- Published
- 2025
6. A semi-supervised undersampling method for anomaly detection in industrial control data with class imbalance and overlap.
- Author
顾兆军, 扬雪影, 隋翯, and 张一诺
- Subjects
*SUPERVISED learning, *INDUSTRIAL controls manufacturing, *SPANNING trees, *SAMPLING methods, *ALGORITHMS
- Abstract
Anomaly detection in industrial control systems faces challenges such as lack of label information, class imbalance, and class overlap, which hinder existing classifiers from accurately detecting anomalies. Current data-level sampling methods suffer from inaccurate pseudo-labeling, poor sampling stability, and low overlap detection rates. Therefore, this paper proposed an undersampling method based on semi-supervised learning (SSLU-LP). This method combined the label propagation mechanism with a single class classifier through heterogeneous integration to supplement pseudo-labels. It constructed an overlap region detection model using the minimum spanning tree strategy and employed an under-sampling strategy to selectively remove some majority class samples via nearest neighbor search. Finally, this paper combined the proposed method with 4 classical classifiers and compared it with 9 hybrid algorithms on 9 industrial control datasets. Experimental results show that the proposed method can accurately pseudo-label unlabeled data, efficiently and effectively detect overlapping data in unbalanced datasets, improve the classifier's training performance, and enhance its anomaly detection capabilities. [ABSTRACT FROM AUTHOR]
- Published
- 2025
7. AD-FGP: Industrial Multivariate Time-Series Anomaly Detection via Fusion of Generative and Predictive Models.
- Author
YONG JIN, YANG-HUA GAO, WEI-DONG LOU, ZE-LIANG ZHEN, and SHENG-DUO GAN
- Subjects
GRAPH neural networks, ARTIFICIAL neural networks, ANOMALY detection (Computer security), INDUSTRIAL controls manufacturing, LEARNING ability
- Abstract
Anomaly detection on industrial multivariate time-series data is an important research topic for industrial control systems. Due to the high dimensionality of industrial multivariate time-series and the lack of labeled anomaly samples, deep neural networks with the ability of learning temporal patterns in an unsupervised way have become the mainstream techniques, but there are still remaining limitations. First, they have not explicitly modeled the complex correlations between different dimensions. Second, they cannot make a balance between pattern deviation anomalies and single metric anomalies. Aiming at these limitations, this paper proposes AD-FGP, a framework for industrial multivariate time-series anomaly detection. AD-FGP has two novel features. First, it explicitly learns the correlations between different dimensions using a graph neural network. Second, it fuses a generative model and a predictive model to detect both pattern deviation anomalies and single metric anomalies effectively. We conducted extensive experiments based on both real-world and public datasets. Experiment results show that AD-FGP has the best overall anomaly detection performance by increasing the F1-score 5% to 40% as compared to the baseline methods. [ABSTRACT FROM AUTHOR]
- Published
- 2025
8. Infrastructure and Tools for Testing the Vulnerability of Control Systems to Cyberattacks: A Coal Mine Industrial Facility Case.
- Author
Plamowski, Sebastian, Chaber, Patryk, Ławryńczuk, Maciej, Nebeluk, Robert, Niewiadomska-Szynkiewicz, Ewa, Suchorab, Jakub, Zarzycki, Krzysztof, Kozakiewicz, Adam, and Stachurski, Andrzej
- Subjects
MANUFACTURING processes, INDUSTRIAL controls manufacturing, COAL mining, SOFTWARE architecture, CYBERTERRORISM
- Abstract
Testing the vulnerability of information systems to cyberattacks is essential to ensure the operational security of organizations and industrial processes. In particular, it is essential to ensure the resilience of industrial processes, as a possible cyberattack can lead to process malfunctions and even process shutdowns, which can lead to substantial economic losses. The possibility of various attacks, e.g., ransomware, phishing, or advanced persistent threats (APTs), requires the evaluation of the effectiveness of cyberattack detection and incident response mechanisms. In industry, it is often impossible to carry out this type of test without risking system disruption, making it difficult to assess the true effectiveness of security features. This article discusses the issues concerned with testing the cyber resilience of a system operating in a real coal mine. First, this work briefly presents the hardware and software architecture used in the coal mine. Secondly, it describes the problem of replicating a real system in the laboratory and the necessary tools and methods used to implement a resilient system architecture. Finally, the scenarios of cyberattacks are detailed, and the obtained results are discussed. [ABSTRACT FROM AUTHOR]
- Published
- 2024
9. Winning the battle with cyber risk identification tools in industrial control systems: A review
- Author
Ayo Rotibi, Neetesh Saxena, and Pete Burnap
- Subjects
industrial control system, risk identification methods, risk identification tools, Computer engineering. Computer hardware, TK7885-7895, Electronic computers. Computer science, QA75.5-76.95
- Abstract
The modern Industrial Control System (ICS) environment now combines information technology (IT), operational technology, and physical processes. This digital transformation enhances operational efficiency, service quality, and physical system capabilities enabling systems to measure and control the physical world. However, it also exposes ICS to new and evolving cybersecurity threats that were once confined to the IT domain. As a result, identifying cyber risks in ICS has become more critical, leading to the development of new methods and tools to tackle these emerging threats. This study reviews some of the latest tools for cyber-risk identification in ICS. It empirically analyses each tool based on specific attributes: focus, application domain, core risk management concepts, and how they address current cybersecurity concerns in ICS.
- Published
- 2024
10. Cybersecurity in the energy industry of Ukraine: protection measures and challenges in the context of energy security.
- Author
Borychenko, Olena, Cherniavskyi, Anatolii, Muliarevych, Oleksandr, Shelekh, Yurii, and Sabat, Myroslav
- Subjects
INDUSTRIAL controls manufacturing, ENERGY infrastructure, NUCLEAR power plants, CYBERTERRORISM, AIR warfare, INTERNET security laws
- Abstract
Copyright of Revista Gestão & Tecnologia is the property of Revista Gestao & Tecnologia and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
11. Malware Identification Method in Industrial Control Systems Based on Opcode2vec and CVAE-GAN.
- Author
Huang, Yuchen, Liu, Jingwen, Xiang, Xuanyi, Wen, Pan, Wen, Shiyuan, Chen, Yanru, Chen, Liangyin, and Zhang, Yuanyuan
- Subjects
*INDUSTRIAL controls manufacturing, *CONVOLUTIONAL neural networks, *MACHINE learning, *MALWARE, *INTERNET security
- Abstract
Industrial Control Systems (ICSs) have faced a significant increase in malware threats since their integration with the Internet. However, existing machine learning-based malware identification methods are not specifically optimized for ICS environments, resulting in suboptimal identification performance. In this work, we propose an innovative method explicitly tailored for ICSs to enhance the performance of malware classifiers within these systems. Our method integrates the opcode2vec method based on preprocessed features with a conditional variational autoencoder–generative adversarial network, enabling classifiers based on Convolutional Neural Networks to identify malware more effectively and with some degree of increased stability and robustness. Extensive experiments validate the efficacy of our method, demonstrating the improved performance of malware classifiers in ICSs. Our method achieved an accuracy of 97.30%, precision of 92.34%, recall of 97.44%, and F1-score of 94.82%, which are the highest reported values in the experiment. [ABSTRACT FROM AUTHOR]
- Published
- 2024
12. Mutation-Based Multivariate Time-Series Anomaly Generation on Latent Space with an Attention-Based Variational Recurrent Neural Network for Robust Anomaly Detection in an Industrial Control System.
- Author
Jeon, Seungho, Koo, Kijong, Moon, Daesung, and Seo, Jung Taek
- Subjects
RECURRENT neural networks, INDUSTRIAL controls manufacturing, ANOMALY detection (Computer security), TIME series analysis, FALSE alarms
- Abstract
Anomaly detection involves identifying data that deviates from normal patterns. Two primary strategies are used: one-class classification and binary classification. In Industrial Control Systems (ICS), where anomalies can cause significant damage, timely and accurate detection is essential, often requiring analysis of time-series data. One-class classification is commonly used but tends to have a high false alarm rate. To address this, binary classification is explored, which can better differentiate between normal and anomalous data, though it struggles with class imbalance in ICS datasets. This paper proposes a mutation-based technique for generating ICS time-series anomalies. The method maps ICS time-series data into a latent space using a variational recurrent autoencoder, applies mutation operations, and reconstructs the time-series, introducing plausible anomalies that reflect multivariate correlations. Evaluations of ICS datasets show that these synthetic anomalies are visually and statistically credible. Training a binary classifier on data augmented with these anomalies effectively mitigates the class imbalance problem. [ABSTRACT FROM AUTHOR]
- Published
- 2024
13. Advanced persistent threat monitoring and tracing techniques for industrial networks.
- Author
赵云龙, 霍朝宾, 于运涛, 王绍杰, and 鲁华伟
- Abstract
Copyright of Cyber Security & Data Governance is the property of Editorial Office of Information Technology & Network Security and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission.
- Published
- 2024
14. Explainable correlation-based anomaly detection for Industrial Control Systems
- Author
Ermiyas Birihanu and Imre Lendák
- Subjects
anomaly detection, correlation, explainable, Industrial Control System, root cause analysis, Electronic computers. Computer science, QA75.5-76.95
- Abstract
Anomaly detection is vital for enhancing the safety of Industrial Control Systems (ICS). However, the complicated structure of ICS creates complex temporal correlations among devices with many parameters. Current methods often ignore these correlations and poorly select parameters, missing valuable insights. Additionally, they lack interpretability, operating efficiently with limited resources, and root cause identification. This study proposes an explainable correlation-based anomaly detection method for ICS. The optimal window size of the data is determined using Long Short-Term Memory Networks—Autoencoder (LSTM-AE) and the correlation parameter set is extracted using the Pearson correlation. A Latent Correlation Matrix (LCM) is created from the correlation parameter set and a Latent Correlation Vector (LCV) is derived from LCM. Based on the LCV, the method utilizes a Multivariate Gaussian Distribution (MGD) to identify anomalies. This is achieved through an anomaly detection module that incorporates a threshold mechanism, utilizing alpha and epsilon values. The proposed method utilizes a novel set of input features extracted using the Shapley Additive explanation (SHAP) framework to train and evaluate the MGD model. The method is evaluated on the Secure Water Treatment (SWaT), Hardware-in-the-loop-based augmented ICS security (HIL-HAI), and Internet of Things Modbus dataset using precision, recall, and F-1 score metrics. Additionally, SHAP is used to gain insights into the anomalies and identify their root causes. Comparative experiments demonstrate the method's effectiveness, achieving a better 0.96% precision and 0.84% F1-score. This enhanced performance aids ICS engineers and decision-makers in identifying the root causes of anomalies. Our code is publicly available at a GitHub repository: https://github.com/Ermiyas21/Explainable-correlation-AD.
- Published
- 2025
15. Survey of industrial Internet traffic analysis technology
- Author
LIU Qixu, XIAO Juxin, TAN Yaokang, WANG Chengchun, HUANG Hao, ZHANG Fangjiao, YIN Jie, and LIU Yuling
- Subjects
industrial Internet, industrial control system, traffic analysis, machine learning, Telecommunication, TK5101-6720
- Abstract
To gain an in-depth awareness of the application of traffic analysis technology in the industrial Internet, the differences between the industrial Internet and the traditional Internet through the five core traffic analysis processes were illustrated. By reviewing a large number of related papers, the application of six popular were summarized in the industrial Internet, such as traffic prediction, protocol identification and reverse engineering, industrial asset fingerprinting, intrusion detection, encrypted traffic identification and vulnerability mining. Depending on the nature of the task, traffic analysis technology was classified into two types of applications, such as service quality enhancement and security capability development, allowing to thoroughly explore the application scenarios of traffic analysis technology in the industrial Internet. Finally, the challenges associated with future traffic analysis applications in the industrial Internet were examined, as well as potential development possibilities.
- Published
- 2024
16. Survey of time series anomaly detection for industrial sensor networks
- Author
Yue WU, Guoyan CAO
- Subjects
industrial control system, sensor network, time series, anomaly detection, Electronic computers. Computer science, QA75.5-76.95
- Abstract
The deep integration of industrial control systems and information networks drives the trend towards networking and intelligence in future industrial development. Industrial sensor networks, crucial for industrial system networking, raise concerns in industrial security, particularly regarding data security. Anomalies in industrial sensor network data impact the physical, information, and network security of industrial control systems. Industrial sensor network anomaly detection, addressing network attacks and physical faults, involves analyzing complex, multi-layered, and multi-scale sensor time series data to discover hidden anomalous logic and fault causes. The causes of anomalies in industrial sensor networks were summarized, research progress in industrial sensor network anomaly detection was reviewed systematically, and key technologies and typical methods were explained categorically from three perspectives: time series features, spatiotemporal multiscale, and non-structured graph representation. The developmental trajectories and major breakthroughs of various existing methods were analyzed and consolidated. Datasets and evaluation metrics currently used for industrial sensor networks were introduced, the detection performance of existing methods was summarized, and through comparative analysis of experimental results, the characteristics and technical focuses of each method were highlighted. The application prospects of existing work were pointed out and the challenges faced by current anomaly detection methods in practical applications were outlined. Future development trends and research directions for industrial sensor network anomaly detection were suggested.
- Published
- 2024
17. False Data Injection Attack Detection, Isolation, and Identification in Industrial Control Systems Based on Machine Learning: Application in Load Frequency Control.
- Author
Mokhtari, Sohrab and Yen, Kang K.
- Subjects
INDUSTRIAL controls manufacturing, ARTIFICIAL intelligence, MACHINE learning, INFORMATION & communication technologies, CYBERTERRORISM
- Abstract
The integration of advanced information and communication technology in smart grids has exposed them to increased cyber attacks. Traditional model-based fault detection systems rely on mathematical models to identify malicious activities but struggle with the complexity of modern systems. This paper explores the application of artificial intelligence, specifically machine learning, to develop fault detection mechanisms that do not depend on these models. We focus on operational technology for fault detection, isolation, and identification (FDII) within smart grids, specifically examining a load frequency control (LFC) system. Our proposed approach uses sensor data to accurately identify threats, demonstrating promising results in simulated environments. [ABSTRACT FROM AUTHOR]
- Published
- 2024
18. An online intrusion detection method for industrial control systems based on extended belief rule base.
- Author
Qian, Guangyu, Li, Jinyuan, He, Wei, Zhang, Wei, and Cao, You
- Subjects
*INDUSTRIAL controls manufacturing, *INFORMATION storage & retrieval systems
- Abstract
Intrusion detection in industrial control systems (ICS) is crucial for maintaining the security of physical information systems. However, the existing models predominantly rely on black-box approaches, which exhibit limitations in result credibility and the ability to adapt to complex and dynamic environments. Consequently, this paper proposes an online updatable extended belief rule base model (O-EBRB) for intrusion detection in ICS. Firstly, an industrial intrusion detection model rooted in the extended belief rule base (EBRB) is established. This model excels in concurrently processing both quantitative and qualitative data, ensuring the reliability of its outcomes. Subsequently, a novel domain-based rule update methodology for integrating new observation data is proposed. By incorporating or merging fresh data into the original model, it enhances the model's adaptability in dynamic settings. Finally, employing the domain-based rule weight calculation approach, the model continues to effectively compute model parameters even with the continuous expansion of rules. Through extensive experimentation on two real-world industrial intrusion detection datasets, the results demonstrate the effectiveness of the proposed model in handling information and its robust performance in dynamic environments. [ABSTRACT FROM AUTHOR]
- Published
- 2024
19. Survey of time series anomaly detection for industrial sensor networks.
- Author
吴越 and 曹国彦
- Abstract
Copyright of Chinese Journal of Network & Information Security is the property of Beijing Xintong Media Co., Ltd. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission.
- Published
- 2024
20. A safety fault diagnosis method on industrial intelligent control equipment.
- Author
Zhang, Hanrui, Li, Qianmu, Meng, Shunmei, Xu, Zhuoran, Lv, Chaoxian, and Zhou, Cangqi
- Subjects
*INTELLIGENT control systems, *INDUSTRIAL controls manufacturing, *PLANT performance, *FAULT diagnosis, *DIAGNOSIS methods, *INFORMATION technology, *SCALABILITY, *INDUSTRIAL safety
- Abstract
With the increasing complexity and cost of industrial control systems and the rapid development of information technology, the tolerance of industrial control equipment to performance degradation, productivity decline, and hidden safety hazards is getting lower and lower. Immediate detection of failures of industrial control equipment is of great significance for the safety of industrial control systems and reducing maintenance costs. Faced with these challenges, the traditional fault diagnosis technology based on expert knowledge has been insufficient to meet the requirements of accuracy and real-time fault diagnosis of industrial control systems due to its high cost and low efficiency. Aiming at the problem that the fault diagnosis method in the current industrial control environment is not systematic, this paper proposes a Safety Fault diagnosis system for industrial intelligent control equipment based on DevOps concept and deep CNN. Based on the in-depth analysis of the principles of CNN, this paper improves the model's robustness from the perspective of data set enhancement, fault diagnosis performance, and noise immunity analysis. Finally, it is proved through experiments that the fault diagnosis model can effectively deal with the lack of fault samples by adopting the fault data set enhancement method based on periodic overlapping sampling. Our fault diagnosis system based on DevOps and CNN proposed in this paper has high scalability and can accurately predict fault input. [ABSTRACT FROM AUTHOR]
- Published
- 2024
21. CAGCN: Centrality-Aware Graph Convolution Network for Anomaly Detection in Industrial Control Systems.
- Author
Yang, Jun, Sheng, Yi-Qiang, Wang, Jin-Lin, and Ni, Hong
- Subjects
INDUSTRIAL controls manufacturing, ANOMALY detection (Computer security), WATER distribution, WATER purification, DATA mining
- Abstract
In industrial control systems, the utilization of deep learning based methods achieves improvements for anomaly detection. However, most current methods ignore the association of inner components in industrial control systems. In industrial control systems, an anomaly component may affect the neighboring components; therefore, the connective relationship can help us to detect anomalies effectively. In this paper, we propose a centrality-aware graph convolution network (CAGCN) for anomaly detection in industrial control systems. Unlike the traditional graph convolution network (GCN) model, we utilize the concept of centrality to enhance the ability of graph convolution networks to deal with the inner relationship in industrial control systems. Our experiments show that compared with GCN, our CAGCN has a better ability to utilize this relationship between components in industrial control systems. The performances of the model are evaluated on the Secure Water Treatment (SWaT) dataset and the Water Distribution (WADI) dataset, the two most common industrial control systems datasets in the field of industrial anomaly detection. The experimental results show that our CAGCN achieves better results on precision, recall, and F1 score than the state-of-the-art methods. [ABSTRACT FROM AUTHOR]
- Published
- 2024
22. Digital Forensics for Analyzing Cyber Threats in the XR Technology Ecosystem within Digital Twins.
- Author
Oh, Subin and Shon, Taeshik
- Subjects
DIGITAL forensics, DIGITAL twin, DIGITAL technology, CYBERTERRORISM, INDUSTRIAL controls manufacturing, ECOSYSTEMS, VIRTUAL reality, AUGMENTED reality
- Abstract
Recently, advancements in digital twin and extended reality (XR) technologies, along with industrial control systems (ICSs), have driven the transition to Industry 5.0. Digital twins mimic and simulate real-world systems and play a crucial role in various industries. XR provides innovative user experiences through virtual reality (VR), augmented reality (AR), and mixed reality (MR). By integrating digital twin simulations into XR devices, these technologies are utilized in various industrial fields. However, the prevalence of XR devices has increased the exposure to cybersecurity threats in ICS and digital twin environments. Because XR devices are connected to networks, the control and production data they process are at risk of being exposed to cyberattackers. Attackers can infiltrate XR devices through malicious code or hacking attacks to take control of the ICS or digital twin or paralyze the system. Therefore, this study emphasizes the cybersecurity threats in the ecosystem of XR devices used in ICSs and conducts research based on digital forensics. It identifies potentially sensitive data and artifacts in XR devices and proposes secure and reliable security response measures in the Industry 5.0 environment. [ABSTRACT FROM AUTHOR]
- Published
- 2024
23. Efficient Cyberattack Detection Methods in Industrial Control Systems.
- Author
Marusak, Piotr, Nebeluk, Robert, Wojtulewicz, Andrzej, Cabaj, Krzysztof, Chaber, Patryk, Ławryńczuk, Maciej, Plamowski, Sebastian, and Zarzycki, Krzysztof
- Subjects
*INDUSTRIAL controls manufacturing, *PROGRAMMABLE controllers, *CYBERTERRORISM, *PID controllers
- Abstract
The article deals with the issue of detecting cyberattacks on control algorithms running in a real Programmable Logic Controller (PLC) and controlling a real laboratory control plant. The vulnerability of the widely used Proportional–Integral–Derivative (PID) controller is investigated. Four effective, easy-to-implement, and relatively robust methods for detecting attacks on the control signal, output variable, and parameters of the PID controller are researched. The first method verifies whether the value of the control signal sent to the control plant in the previous step is the actual value generated by the controller. The second method relies on detecting sudden, unusual changes in output variables, taking into account the inertial nature of dynamic plants. In the third method, a copy of the controller parameters is used to detect an attack on the controller's parameters implemented in the PLC. The fourth method uses the golden run in attack detection. [ABSTRACT FROM AUTHOR]
- Published
- 2024
24. Edge Computing-Based Modular Control System for Industrial Environments.
- Author
Gouveia, Gonçalo, Alves, Jorge, Sousa, Pedro, Araújo, Rui, and Mendes, Jérôme
- Subjects
INDUSTRIAL controls manufacturing, DIGITAL signal processing, FAST Fourier transforms, ANALOG-to-digital converters, SIGNAL processing, FEATURE extraction, COMPUTATIONAL intelligence
- Abstract
This paper presents a modular hardware control system tailored for industrial applications. The system presented is designed with electrical protection, guaranteeing the reliable operation of its modules in the presence of various field noises and external disturbances. The modular architecture comprises a principal module (mP) and dedicated expansion modules (mEXs). The principal module serves as the network administrator and facilitates interaction with production and control processes. The mEXs are equipped with sensors, conditioning circuits, analog-to-digital converters, and digital signal processing capabilities. The mEX's primary function is to acquire local processing field signals and ensure their reliable transmission to the mP. Two specific mEXs were developed for industrial environments: an electrical signal expansion module (mSE) and the vibration signals expansion module (mSV). The EtherCAT protocol serves as a means of communication between the modules, fostering deterministic and real-time interactions while also simplifying the integration and replacement of modules within the modular architecture. The proposed system incorporates local and distributed processing in which data acquisition, processing, and data analysis are carried out closer to where data are generated. Locally processing the acquired data close to the production in the mEX increases the mP availability and network reliability. For the local processing, feature extraction algorithms were developed on the mEX based on a Fast Fourier Transform (FFT) algorithm and a curve-fitting algorithm that accurately represents a given FFT curve by significantly reducing the amount of data that needs to be transmitted over the mP. The proposed system offers a promising solution to use computational intelligence methodologies and meet the growing need for a modular industrial control system with reliable local data processing to reach a smart industry. 
The case study of acquiring and processing vibration signals from a real cement ball mill showed a good capacity for processing data and reducing the amount of data. [ABSTRACT FROM AUTHOR]
- Published
- 2024
25. TabGAN-Powered Data Augmentation and Explainable Boosting-Based Ensemble Learning for Intrusion Detection in Industrial Control Systems
- Author
-
Nguyen, Tuyen T., Nguyen, Phong H., Nguyen, Minh Q., Nguyen, Hoa N., Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Nguyen, Ngoc Thanh, editor, Franczyk, Bogdan, editor, Ludwig, André, editor, Núñez, Manuel, editor, Treur, Jan, editor, Vossen, Gottfried, editor, and Kozierkiewicz, Adrianna, editor
- Published
- 2024
26. CWMAGAN-GP-Based Oversampling Technique for Intrusion Detection
- Author
-
Shang, Wenli, Huang, Zifeng, Gu, Zhaojun, Cao, Zhong, Ding, Lei, Wang, Shuang, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Huang, De-Shuang, editor, Chen, Wei, editor, and Pan, Yijie, editor
- Published
- 2024
27. A Deep Detection Method of Abnormal State of Industrial Control System Based on Hierarchical Clustering Analysis
- Author
-
Zhang, Zheyu, Zhang, Xiaofei, Wang, Rui, Cao, Yu, Jia, Mengdi, Sun, Jun, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Gu, Zhaoquan, editor, Zhou, Wanlei, editor, Zhang, Jiawei, editor, Xu, Guandong, editor, and Jia, Yan, editor
- Published
- 2024
28. Evasion Attack Against Multivariate Singular Spectrum Analysis Based IDS
- Author
-
Maurya, Vikas, Agarwal, Rachit, Shukla, Sandeep, Hartmanis, Juris, Founding Editor, Goos, Gerhard, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Pickl, Stefan, editor, Hämmerli, Bernhard, editor, Mattila, Päivi, editor, and Sevillano, Annaleena, editor
- Published
- 2024
29. A Method for Threat Modelling of Industrial Control Systems
- Author
-
Flå, Lars Halvdan, Jaatun, Martin Gilje, Onwubiko, Cyril, editor, Rosati, Pierangelo, editor, Rege, Aunshul, editor, Erola, Arnau, editor, Bellekens, Xavier, editor, Hindy, Hanan, editor, and Jaatun, Martin Gilje, editor
- Published
- 2024
30. Deep Learning-Based Anomaly Detection in Cyber-Physical System
- Author
-
Oswal, Sangeeta, Shinde, Subhash K., Vijayalakshmi, M., Chakrabarti, Amlan, Series Editor, Becker, Jürgen, Editorial Board Member, Hu, Yu-Chen, Editorial Board Member, Chattopadhyay, Anupam, Editorial Board Member, Tribedi, Gaurav, Editorial Board Member, Saha, Sriparna, Editorial Board Member, Goswami, Saptarsi, Editorial Board Member, Sharma, Nonita, editor, Mangla, Monika, editor, and Shinde, Subhash K., editor
- Published
- 2024
31. Infrastructure and Tools for Testing the Vulnerability of Control Systems to Cyberattacks: A Coal Mine Industrial Facility Case
- Author
-
Sebastian Plamowski, Patryk Chaber, Maciej Ławryńczuk, Robert Nebeluk, Ewa Niewiadomska-Szynkiewicz, Jakub Suchorab, Krzysztof Zarzycki, Adam Kozakiewicz, and Andrzej Stachurski
- Subjects
cybersecurity ,cyberattack ,testing infrastructure ,industrial control system ,Technology ,Engineering (General). Civil engineering (General) ,TA1-2040 ,Biology (General) ,QH301-705.5 ,Physics ,QC1-999 ,Chemistry ,QD1-999 - Abstract
Testing the vulnerability of information systems to cyberattacks is essential to ensure the operational security of organizations and industrial processes. In particular, it is essential to ensure the resilience of industrial processes, as a possible cyberattack can lead to process malfunctions and even process shutdowns, which can lead to substantial economic losses. The possibility of various attacks, e.g., ransomware, phishing, or advanced persistent threats (APTs), requires the evaluation of the effectiveness of cyberattack detection and incident response mechanisms. In industry, it is often impossible to carry out this type of test without risking system disruption, making it difficult to assess the true effectiveness of security features. This article discusses the issues concerned with testing the cyber resilience of a system operating in a real coal mine. First, this work briefly presents the hardware and software architecture used in the coal mine. Secondly, it describes the problem of replicating a real system in the laboratory and the necessary tools and methods used to implement a resilient system architecture. Finally, the scenarios of cyberattacks are detailed, and the obtained results are discussed.
- Published
- 2024
32. Synthesis of resilient fallback control system under cyber-attacks via supervisory control.
- Author
-
Sakata, Kousei, Sawada, Kenji, Ogura, Takashi, Fujita, Junya, and Matsumoto, Noritaka
- Subjects
SUPERVISORY control systems ,DISCRETE systems ,LOGIC design ,AUTOMATION ,PROGRAMMABLE controllers - Abstract
Industrial control systems (ICS) require system design and operation under cyber-attacks. This study aims to design a fallback control system that can switch from normal control to fallback control and verify its superiority. The target system is a factory automation (FA) system consisting of a normal programmable logic controller (PLC) and a fallback PLC. In this system, we design a fallback logic that takes over control in the case of cyber-attacks. The design of this logic requires a system model that manages smooth state transitions between normal control and fallback control in an integrated manner under cyber-attacks. In response, we model a control program in the framework of discrete event systems (DESs) and apply supervisory control to derive a supervisor model that can manage the system in an integrated manner. To ensure the controllability of the FA system during cyber-attacks, we design a control specification that includes a detection function to enable rapid switching of the control state. As a result, we generate the fallback logic from the supervisor model with guaranteed controllability under cyber-attacks and implement it in a fallback PLC to verify the effectiveness of the proposed logic. [ABSTRACT FROM AUTHOR]
- Published
- 2024
33. Two-Phase Industrial Control System Anomaly Detection Using Communication Patterns and Deep Learning.
- Author
-
Kim, Sungjin, Jo, Wooyeon, Kim, Hyunjin, Choi, Seokmin, Jung, Da-I, Choi, Hyeonho, and Shon, Taeshik
- Subjects
INDUSTRIAL controls manufacturing ,DEEP learning ,COMMUNICATION patterns ,BUSINESS communication ,INTERNET of things - Abstract
Several cases of Industrial Internet of Things (IIoT) attacks with zero-day vulnerabilities have been reported. To prevent these attacks, it is necessary to apply an abnormal behavior detection method; however, there are three main problems that make it hard. First, there are various industrial communication protocols. Instead of IT environments, many unstandardized protocols, which are usually defined by vendors, are used. Second, legacy devices are commonly used, not only EOS (End-of-service), but also EoL (End-of-Life). And last, the analysis of collected data is necessary for defining normal behavior. This behavior should be separately defined in each IIoT. Therefore, it is difficult to apply abnormal behavior detection in environments where economic and human investment is difficult. To solve these problems, we propose a deep learning based abnormal behavior detection technique that utilizes IIoT communication patterns. The proposed method uses a deep learning technique to train periodic data acquisition sequences, which is one of the common characteristics of IIoT. The trained model determined the sequence of packet is normal. The proposed technique can be applied without an additional analysis. The proposed method is expected to prevent security threats by proactively detecting cyberattacks. To verify the proposed method, a dataset was collected from the Korea Electric Power Control System. The model that defines normal behavior based on the application layer exhibits an accuracy of 79.6%. The other model, defining normal behavior based on the transport layer, has an accuracy of 80.9%. In these two models, most false positives and false negatives only occur when the abnormal packet is in a sequence. [ABSTRACT FROM AUTHOR]
- Published
- 2024
34. Generating ICS vulnerability playbooks with open standards.
- Author
-
Empl, Philip, Schlette, Daniel, Stöger, Lukas, and Pernul, Günther
- Subjects
INDUSTRIAL controls manufacturing ,VIRTUAL private networks ,SYSTEMS availability ,CACAO ,APPLICATION program interfaces - Abstract
Organizations face attacks on industrial control systems (ICS) as vulnerabilities are pervasive. However, patching vulnerable systems by simply updating to the newest version is often not an option and shifts focus to workarounds. Beyond pure patching, workarounds specify other remediation measures (e.g., firewall or VPN configuration) that must be taken due to system availability requirements, complexity, or heterogeneous devices. In this paper, we introduce vulnerability playbooks based on open standards. Pushing the envelope of cybersecurity playbooks—steps organizations should follow when responding to cybersecurity incidents reactively—for ICS vulnerability management offers organizations a more transparent, repeatable process and faster, possibly automated actions. We have designed a process model to collect and transform security advisories in Common Security Advisory Framework (CSAF) format and generate Collaborative Automated Course of Action Operations (CACAO) playbooks based on listed remediation advice. With a proof of concept, we demonstrate that structured CSAF documents can be seamlessly transformed into CACAO playbooks. For our industrial use case, we must also use unstructured security advice highlighting quality differences (compared to CSAF). Our generated 79 standard conformant CACAO playbooks with 485 identified actions hint at imbalanced advice toward patching. Preferably, vendors should include detailed technical remediation advice, provide APIs, and go beyond patching recommendations in their security advisories. Subscribers should structure their assets and use machine learning to normalize, generate, and prioritize CACAO playbooks. With CSAF and CACAO, we see two open standards for handling vulnerabilities. [ABSTRACT FROM AUTHOR]
- Published
- 2024
35. Security Assessment of Industrial Control System Applying Reinforcement Learning.
- Author
-
Ibrahim, Mariam and Elhafiz, Ruba
- Subjects
INDUSTRIAL controls manufacturing ,INDUSTRIAL security ,REINFORCEMENT learning ,TELECOMMUNICATION systems ,SECURITY systems - Abstract
Industrial control systems are often used to assist and manage an industrial operation. These systems' weaknesses in the various hierarchical structures of the system components and communication backbones make them vulnerable to cyberattacks that jeopardize their security. In this paper, the security of these systems is studied by employing a reinforcement learning extended attack graph to efficiently reveal the subsystems' flaws. Specifically, an attack graph that mimics the environment is constructed for the system using the state–action–reward–state–action technique, in which the agent is regarded as the attacker. Attackers may cause the greatest amount of system damage with the fewest possible actions if they have the highest cumulative reward. The worst-case assault scheme with a total reward of 42.9 was successfully shown in the results, and the most badly affected subsystems were recognized. [ABSTRACT FROM AUTHOR]
- Published
- 2024
36. Advancing IoT Cybersecurity: Adaptive Threat Identification with Deep Learning in Cyber-Physical Systems.
- Author
-
Atheeq, C., Sultana, Ruhiat, Sabahath, Syeda Asfiya, and Khan Mohammed, Murtuza Ahmed
- Subjects
DEEP learning ,CYBER physical systems ,ARTIFICIAL neural networks ,INTERNET of things ,INDUSTRIAL controls manufacturing ,GAS purification - Abstract
Securing Internet of Things (IoT)-enabled Cyber-Physical Systems (CPSs) can be challenging because security solutions intended for typical IT/OT systems may not be as effective in a CPS setting. The goal of this study is to create a mechanism for identifying and attributing two-level ensemble attacks that are specifically designed for use against Industrial Control Systems (ICSs). An original ensemble deep representation learning model is combined with decision tree algorithm to identify assaults on unbalanced ICS environments at the first level. An attack attribution network, which constitutes a collection of deep neural networks, is formed at the second level. The proposed model is tested using real-world datasets, notably those pertaining to water purification and gas pipelines. The results demonstrate that the proposed strategy outperforms other strategies with comparable computing complexity and that the recommended model outperforms the existing mechanisms. [ABSTRACT FROM AUTHOR]
- Published
- 2024
37. SAKMR: Industrial control anomaly detection based on semi-supervised hybrid deep learning.
- Author
-
Tang, Shijie, Ding, Yong, Zhao, Meng, and Wang, Huiyong
- Subjects
DEEP learning ,RADIAL basis functions ,INDUSTRIAL controls manufacturing ,K-means clustering - Abstract
With the advent of Industry 4.0, industrial control systems (ICS) are more and more closely connected with the Internet, leading to a rapid increase in the types and quantities of security threats that arise from ICS. Anomaly detection is an effective defense measure against attacks. At present, it is the main trend to use hybrid deep learning methods to realize ICS anomaly detection. However, we found that many ICS anomaly detection methods based on hybrid deep learning adopt phased learning, in which each phase is optimized separately with optimization goals deviating from the overall goal. In view of this issue, we propose an end-to-end anomaly detection method SAKMR based on hybrid deep learning. Our method uses radial basis function network (RBFN) to realize K-means clustering, and combines it with stacked auto-encoder (SAE), which is conducive to defining reconstruction error and clustering error into an objective function to ensure joint optimization of feature extraction and classification. Experiments were conducted on the commonly used KDDCUP99 and SWAT datasets. The results show that SAKMR is effective in detecting abnormal industrial control data and outperforms the baseline methods on multiple performance indicators such as F1-Measure. [ABSTRACT FROM AUTHOR]
- Published
- 2024
38. Automated federated learning‐based adversarial attack and defence in industrial control systems
- Author
-
Guo‐Qiang Zeng, Jun‐Min Shao, Kang‐Di Lu, Guang‐Gang Geng, and Jian Weng
- Subjects
adversarial attacks ,adversarial robustness ,automated federated learning ,Industrial control system ,intrusion detection ,Cybernetics ,Q300-390 ,Electronic computers. Computer science ,QA75.5-76.95 - Abstract
With the development of deep learning and federated learning (FL), federated intrusion detection systems (IDSs) based on deep learning have played a significant role in securing industrial control systems (ICSs). However, adversarial attacks on ICSs may compromise the ability of deep learning‐based IDSs to accurately detect cyberattacks, leading to serious consequences. Moreover, in the process of generating adversarial samples, the selection of replacement models lacks an effective method, which may not fully expose the vulnerabilities of the models. The authors first propose an automated FL‐based method to generate adversarial samples in ICSs, called AFL‐GAS, which uses the principle of transfer attack and fully considers the importance of replacement models during the process of adversarial sample generation. In the proposed AFL‐GAS method, a lightweight neural architecture search method is developed to find the optimised replacement model composed of a combination of four lightweight basic blocks. Then, to enhance the adversarial robustness, the authors propose a multi‐objective neural architecture search‐based IDS method against adversarial attacks in ICSs, called MoNAS‐IDSAA, by considering both classification performance on regular samples and adversarial robustness simultaneously. The experimental results on three widely used intrusion detection datasets in ICSs, such as secure water treatment (SWaT), Water Distribution, and Power System Attack, demonstrate that the proposed AFL‐GAS method has obvious advantages in evasion rate and lightweight compared with other four methods. Besides, the proposed MoNAS‐IDSAA method not only has a better classification performance, but also has obvious advantages in model adversarial robustness compared with one manually designed federated adversarial learning‐based IDS method.
- Published
- 2024
39. Industrial Control System-Anomaly Detection Dataset (ICS-ADD) for Cyber-Physical Security Monitoring in Smart Industry Environments
- Author
-
Giovanni Battista Gaggero, Alessandro Armellin, Giancarlo Portomauro, and Mario Marchese
- Subjects
Industrial control system ,smart industry ,cybersecurity ,open source ,OSSIM ,Suricata ,Electrical engineering. Electronics. Nuclear engineering ,TK1-9971 - Abstract
The increasing integration of cyber-physical systems in industrial environments has underscored the critical need of robust security mechanisms to counteract evolving cyber threats. To allow a full performance evaluation of these security mechanisms as well as the extension of their detection skills concerning new cyber-physical-attacks, this paper introduces an open-source dataset, called Industrial Control System - Anomaly Detection Dataset (ICS-ADD). ICS-ADD would like to be a valuable resource for researchers and practitioners who aim to develop, test, and benchmark new cyber-physical security monitoring and detection technologies. ICS-ADD comprises raw network traffic captures of an industrial control system (ICS) subjected to a variety of simulated cyber-attacks, including but not limited to denial of service (DoS), man-in-the-middle (MITM), and malware infiltration. In addition to raw network traffic, ICS-ADD includes the output of two widely utilized open-source security monitoring tools, OSSIM (Open Source Security Information Management) and Suricata, which offer insights concerning the detection and analysis capabilities of existing security frameworks against threats. The analysis appearing in this paper highlights the complexity and variety of modern cyber threats in industrial environments and the novelty of ICS-ADD with respect to publicly available datasets. The reported performance analysis of OSSIM and Suricata by using ICS-ADD reveals areas of improvement for the detection of new attacks, which will be object of future research concerning the protection of industrial control systems.
- Published
- 2024
40. Scrutinizing Security in Industrial Control Systems: An Architectural Vulnerabilities and Communication Network Perspective
- Author
-
Muhammad Muzamil Aslam, Ali Tufail, Rosyzie Anna Awg Haji Mohd Apong, Liyanage Chandratilak De Silva, and Muhammad Taqi Raza
- Subjects
Industrial control system ,ICS security ,IoT ,IIoT ,cyber security ,ICS architecture ,Electrical engineering. Electronics. Nuclear engineering ,TK1-9971 - Abstract
Technological advancement plays a crucial role in our daily lives and constantly transforms the industrial sector. However, these technologies also introduce new security vulnerabilities to Industrial Control Systems (ICS). Attackers take advantage of these weaknesses to infiltrate the ICS environment. The size of the targeted industry and the attacker’s knowledge of the internal ICS environment are crucial factors in determining the degree of impact. Researchers and industry professionals have taken several initiatives to identify and address security problems in the ICS environment; however, to our knowledge, a comprehensive survey of this landscape has yet to be conducted. Existing surveys have limitations since they mainly focus on specific aspects of ICS security rather than covering the security aspects holistically. This paper aims to cover all aspects of security in ICS by classifying the ICS environment into its components, such as SCADA, PLC, DCS, RTU, HMI, MTU, etc. The paper then discusses the vulnerabilities in the modern ICS environment, including those of the specific components. The article also presents a classification of ICS-specific attack types. Furthermore, the study examines real-world attack scenarios in the industrial critical infrastructure sectors, including energy, power, water, and wastewater. This study provides an in-depth analysis of ICS security that empowers researchers and industry practitioners to comprehend the complexities of ICS security and to strengthen the ICS environment’s resilience proactively.
- Published
- 2024
41. Detecting Cybersecurity Threats for Industrial Control Systems Using Machine Learning
- Author
-
Woohyun Choi, Suman Pandey, and Jongwon Kim
- Subjects
Cybersecurity ,industrial control system ,MITRE ATT&CK ,Electrical engineering. Electronics. Nuclear engineering ,TK1-9971 - Abstract
Industrial control systems (ICS) are vital for ensuring the reliability and operational efficiency of critical infrastructure across various industries. However, due to their integration into modernized network environments, they are inadvertently exposed to a variety of cybersecurity threats that can compromise the reliability of critical infrastructure. This study aims to enhance ICS security by introducing a Zero Inflated Poisson (ZIP) based GRU Learning model to detect anomalies of ICS traffic in conjunction with the MITRE ATT&CK framework. The model’s effectiveness was validated through experiments simulating two major cyberattack scenarios: the ‘Stuxnet’ attack and the ‘Industroyer’ attack, achieving over 95% success in attack detection. By mapping the anomalies to the MITRE ATT&CK framework, we were able to lay the groundwork for an efficient response strategy to the attacks. These findings are expected to make a meaningful contribution to assessing and strengthening the security posture of ICS.
- Published
- 2024
42. Development of Security Protection Technologies for Industrial Control System
- Author
-
Sun Yanbin, Wang Hongyi, Tian Zhihong and Fang Binxing
- Subjects
industrial control system ,security protection ,autonomous and controllable ,new security-protection architecture ,guard mode ,Engineering (General). Civil engineering (General) ,TA1-2040 - Abstract
Industrial control system (ICS) is gradually transitioning from being closed and isolated to open and interconnected. The network threats to ICS are becoming highly hidden, strong-confrontation, and cross-domain in nature. Once subjected to cyberattacks, industrial production will be directly affected. Consequently, network attacks on ICS and corresponding security protection technologies have attracted significant attention. This study focuses on the security protection issues of ICS. First, we analyzed the specific characteristics of ICS security protection, as well as the unclear and uncontrollable security challenges of ICS. The network attacks on ICS are summarized and analyzed, and then the security protection systems with a self-defense mode, such as border protection and defense in depth, are discussed. In view of the security challenges, the development ideas are given from the aspects of security and controllability of ICS and a novel security protection system of ICS, and key tasks and key technology research paths are as follows: establishing an autonomous and controllable ICS security ecology and a security assurance mechanism of foreign devices based on limiters, and exploring the new security protection system of ICS based on a self-defense plus guard mode, such that the security protection ability of ICS can be better improved.
- Published
- 2023
43. Improving Deceptive Patch Solutions Using Novel Deep Learning-Based Time Analysis Model for Industrial Control Systems
- Author
-
Hayriye Tanyıldız, Canan Batur Şahin, and Özlem Batur Dinler
- Subjects
industrial control system ,adversarial system ,deep learning ,cyberdeception ,Technology ,Engineering (General). Civil engineering (General) ,TA1-2040 ,Biology (General) ,QH301-705.5 ,Physics ,QC1-999 ,Chemistry ,QD1-999 - Abstract
Industrial control systems (ICSs) are critical components automating the processes and operations of electromechanical systems. These systems are vulnerable to cyberattacks and can be the targets of malicious activities. With increased internet connectivity and integration with the Internet of Things (IoT), ICSs become more vulnerable to cyberattacks, which can have serious consequences, such as service interruption, financial losses, and security hazards. Threat actors target these systems with sophisticated attacks that can cause devastating damage. Cybersecurity vulnerabilities in ICSs have recently led to increasing cyberattacks and malware exploits. Hence, this paper proposes to develop a security solution with dynamic and adaptive deceptive patching strategies based on studies on the use of deceptive patches against attackers in industrial control systems. Within the present study’s scope, brief information on the adversarial training method and window size manipulation will be presented. It will emphasize how these methods can be integrated into industrial control systems and how they can increase cybersecurity by combining them with deceptive patch solutions. The discussed techniques represent an approach to improving the network and system security by making it more challenging for attackers to predict their targets and attack methods. The acquired results demonstrate that the suggested hybrid method improves the application of deception to software patching prediction, reflecting enhanced patch security.
- Published
- 2024
44. Mutation-Based Multivariate Time-Series Anomaly Generation on Latent Space with an Attention-Based Variational Recurrent Neural Network for Robust Anomaly Detection in an Industrial Control System
- Author
-
Seungho Jeon, Kijong Koo, Daesung Moon, and Jung Taek Seo
- Subjects
anomaly generation ,variational Bayes ,attention mechanism ,recurrent neural network ,industrial control system ,Technology ,Engineering (General). Civil engineering (General) ,TA1-2040 ,Biology (General) ,QH301-705.5 ,Physics ,QC1-999 ,Chemistry ,QD1-999 - Abstract
Anomaly detection involves identifying data that deviates from normal patterns. Two primary strategies are used: one-class classification and binary classification. In Industrial Control Systems (ICS), where anomalies can cause significant damage, timely and accurate detection is essential, often requiring analysis of time-series data. One-class classification is commonly used but tends to have a high false alarm rate. To address this, binary classification is explored, which can better differentiate between normal and anomalous data, though it struggles with class imbalance in ICS datasets. This paper proposes a mutation-based technique for generating ICS time-series anomalies. The method maps ICS time-series data into a latent space using a variational recurrent autoencoder, applies mutation operations, and reconstructs the time-series, introducing plausible anomalies that reflect multivariate correlations. Evaluations of ICS datasets show that these synthetic anomalies are visually and statistically credible. Training a binary classifier on data augmented with these anomalies effectively mitigates the class imbalance problem.
- Published
- 2024
45. EPASAD: ellipsoid decision boundary based Process-Aware Stealthy Attack Detector
- Author
-
Vikas Maurya, Rachit Agarwal, Saurabh Kumar, and Sandeep Shukla
- Subjects
Intrusion detection system ,Critical infrastructure security ,Industrial control system ,Machine learning ,Computer engineering. Computer hardware ,TK7885-7895 ,Electronic computers. Computer science ,QA75.5-76.95 - Abstract
Due to the importance of Critical Infrastructure (CI) in a nation’s economy, they have been lucrative targets for cyber attackers. These critical infrastructures are usually Cyber-Physical Systems such as power grids, water, and sewage treatment facilities, oil and gas pipelines, etc. In recent times, these systems have suffered from cyber attacks numerous times. Researchers have been developing cyber security solutions for CIs to avoid lasting damages. According to standard frameworks, cyber security based on identification, protection, detection, response, and recovery are at the core of these research. Detection of an ongoing attack that escapes standard protection such as firewall, anti-virus, and host/network intrusion detection has gained importance as such attacks eventually affect the physical dynamics of the system. Therefore, anomaly detection in physical dynamics proves an effective means to implement defense-in-depth. PASAD is one example of anomaly detection in the sensor/actuator data, representing such systems’ physical dynamics. We present EPASAD, which improves the detection technique used in PASAD to detect these micro-stealthy attacks, as our experiments show that PASAD’s spherical boundary-based detection fails to detect. Our method EPASAD overcomes this by using Ellipsoid boundaries, thereby tightening the boundaries in various dimensions, whereas a spherical boundary treats all dimensions equally. We validate EPASAD using the dataset produced by the TE-process simulator and the C-town datasets. The results show that EPASAD improves PASAD’s average recall by 5.8% and 9.5% for the two datasets, respectively.
- Published
- 2023
46. Dynamic Data Abstraction-Based Anomaly Detection for Industrial Control Systems.
- Author
-
Cho, Jake and Gong, Seonghyeon
- Subjects
INTRUSION detection systems (Computer security) ,ANOMALY detection (Computer security) ,INDUSTRIAL controls manufacturing ,INFORMATION technology ,MACHINE learning ,NOISE control - Abstract
Industrial control systems (ICS) are critical networks directly linked to the value of core national and societal assets, yet they are increasingly becoming primary targets for numerous cyberattacks today. The ICS network, a fusion of operational technology (OT) and information technology (IT) networks, possesses a broad attack vector, and attacks targeting ICS often take the form of advanced persistent threats (APTs) exploiting zero-day vulnerabilities. However, most existing ICS security techniques have been adaptations of security technologies for IT networks, and security measures tailored to the characteristics of ICS data are currently insufficient. To mitigate cyber threats to ICS networks, this paper proposes an anomaly detection technique based on dynamic data abstraction. The proposed method abstracts ICS data collected in real time using a dynamic data abstraction technique based on noise reduction. The abstracted data are then used to optimize both the update rate and the detection accuracy of the anomaly detection model through model adaptation and incremental learning processes. The proposed approach updates the model by quickly reflecting data on new attack patterns and their distributions, effectively shortening the dwell time in response to APTs utilizing zero-day vulnerabilities. We demonstrate the attack response performance and detection accuracy of the proposed dynamic data abstraction-based anomaly detection technique through experiments using the SWaT dataset generated from a testbed of an actual ICS process. The experiments show that the proposed model achieves high accuracy with a small number of abstracted data while rapidly learning new attack pattern data in real-time without compromising accuracy. The proposed technique can effectively respond to cyberattacks targeting ICS by quickly learning and reflecting trends in attack patterns that exploit zero-day vulnerabilities. [ABSTRACT FROM AUTHOR]
- Published
- 2024
47. Testing Commercial Intrusion Detection Systems for Industrial Control Systems in a Substation Hardware in the Loop Testlab.
- Author
-
Storm, Jon-Martin, Houmb, Siv Hilde, Kaliyar, Pallavi, Erdodi, Laszlo, and Hagen, Janne Merete
- Subjects
INDUSTRIAL controls manufacturing ,INFORMATION technology ,DIGITAL certificates ,SECURITY systems ,HARDWARE - Abstract
Industrial Control Systems (ICS) are increasingly integrated with Information Technology (IT) systems, blending Operational Technology (OT) and IT components. This evolution introduces new cyber-attack risks, necessitating specialized security measures like Intrusion Detection Systems (IDS). This paper presents our work on both developing an experimental protocol and conducting tests of various IDS types in a digital substation hardware in the loop (HIL) testbed, offering insights into their performance in realistic scenarios. Our findings reveal significant variations in IDS effectiveness against industrial-specific cyber-attacks, with IT-specific IDSs struggling to detect certain attacks and changing testlab conditions affecting the assessment of ICS-specific IDSs. The challenges faced in creating valid and reliable evaluation metrics underscore the complexities of replicating operational ICS conditions. This research enhances our understanding of IDS effectiveness in ICS settings and underscores the importance of further experimental research in HIL testlab environments. [ABSTRACT FROM AUTHOR]
- Published
- 2024
48. Opportunities for developing the information security capabilities of hazardous facilities in light of today's challenges.
- Author
-
Örs, Vásárhelyi
- Abstract
Copyright of Belügyi Szemle / Academic Journal of Internal Affairs is the property of Ministry of Interior of Hungary and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
49. Design Pattern and Challenges of Federated Learning with Applications in Industrial Control System.
- Author
-
Batool, Hina, Xu, Jiuyun, Rehman, Ateeq Ur, and Hamam, Habib
- Subjects
FEDERATED learning ,SOFTWARE architecture ,COMPUTER network architectures ,SOFTWARE frameworks ,INTERNET of things ,MACHINE learning - Abstract
Federated Learning (FL) appeared as an encouraging approach for handling decentralized data. Creating a FL system needs both machine learning (ML) knowledge and thinking about how to design system software. Researchers have focused a lot on the ML side of FL, but have not paid enough attention to designing the software architecture. So, in this survey, a set of design patterns is described to tackle the design issues. Design patterns are like reusable solutions for common problems that come up when designing software architecture. This paper focuses on (1) design patterns such as architectures, frameworks, client selection protocols, personalization techniques, and model aggregation techniques that are building blocks of the FL system. It inquires about trade-offs and working principles accompanying each design aspect, providing insights into their effect on the scalability, performance, or security process; (2) elaborates challenges faced in the design and execution of FL systems such as communication efficiency, statistical/system heterogeneity, or security/privacy concerns. It additionally investigates continuous exploration efforts and distinguishes future examination headings to take out the design challenges and upgrade the adequacy of the frameworks, and (3) depicts some FL applications used in industrial control systems along with their limitations that pave a new research gap for industry professionals. This comprehensive study provides a valuable resource for researchers, practitioners, and system designers interested in understanding the design aspects and challenges associated with FL. [ABSTRACT FROM AUTHOR]
- Published
- 2024
50. An Intelligent Approach for Intrusion Detection in Industrial Control System.
- Author
-
Alkhalil, Adel, Aljaloud, Abdulaziz, Uliyan, Diaa, Altameemi, Mohammed, Abdelrhman, Magdy, Altameemi, Yaser, Ahmad, Aakash, and Mansour, Romany Fouad
- Subjects
INDUSTRIAL controls manufacturing ,AUTOMATIC control systems ,PROGRAMMABLE controllers ,COMPUTER systems ,ANOMALY detection (Computer security) ,INTRUSION detection systems (Computer security) - Abstract
Supervisory control and data acquisition (SCADA) systems are computer systems that gather and analyze real-time data, distributed control systems are specially designed automated control systems that consist of geographically distributed control elements, and other smaller control systems such as programmable logic controllers are industrial solid-state computers that monitor inputs and outputs and make logic-based decisions. In recent years, there has been a lot of focus on the security of industrial control systems. Due to the advancement in information technologies, the risk of cyberattacks on industrial control systems has drastically increased. Because they are so inextricably tied to human life, any damage to them might have devastating consequences. To provide an efficient solution to such problems, this paper proposes a new approach to intrusion detection. First, the important features in the dataset are determined by the difference between the distribution of unlabeled and positive data which is deployed for the learning process. Then, a prior estimation of the class is proposed based on a support vector machine. Simulation results show that the proposed approach has better anomaly detection performance than existing algorithms. [ABSTRACT FROM AUTHOR]
- Published
- 2023