An Intrusion Detection Method for Industrial Control System Based on Machine Learning

Cao, Yixin; Zhang, Lei; Zhao, Xianfeng; Jin, Kai; Chen, Ziyi

doi:10.3390/info13070322

Cited by 11 publications

(2 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since the patterns of the attacks are not defnable with the exact and complete details (in the case of signature-based IDSs) and the system may make a mistake in detecting an attack (in the case of anomaly-based IDSs), there are numerous situations that the IDS incorrectly alerts for an existing attack or a suspicious packet while the Internet trafc resembles an attack pattern but no attack is happening [4]. Tese alerts are called false-positive alerts, and the problem they raise is called the false-positive alerts problem.…”

Section: Introductionmentioning

confidence: 99%

Nesting Circles: An Interactive Visualization Paradigm for Network Intrusion Detection System Alerts

Shahryari

Khanli

Ramezani

et al. 2023

Security and Communication Networks

View full text Add to dashboard Cite

Intrusion detection systems (IDSs) are valuable tools for fighting against those who want to intrude on the network and steal sensitive information for any reason. These tools, however, have difficulties in their essence. The generated alerts are in textual format, and extracting the exact information from the textual files needs lots of time and scrutiny. Also, not all alerts are accurate, and these tools suffer a setback named false-positive alerts, meaning that although no attack occurs, they may log some alerts. It is almost impossible to detect the penetration according to the discussed conditions. Information visualization is a method that transforms information into a visual representation for a better and quicker understanding. Indeed, the more the visualization is representative and straightforward, the more information it can transfer and the more worthy it is. This paper proposes a new paradigm for visualizing IDS alerts named nesting circles. We keep simplicity by using circles as the primary mark and the size and color as the only used channels. This makes the visualization easy to read and intuitive to understand. Furthermore, nesting circles provide a complete visualization of explicit and implicit information to the admin, and the previous approaches lacked this vital feature. The efficiency of nesting circles is examined through the VAST challenge case study, and it is shown to be effective in finding hidden attacks in the logs.

show abstract

Section: Introductionmentioning

confidence: 99%

Nesting Circles: An Interactive Visualization Paradigm for Network Intrusion Detection System Alerts

Shahryari

Khanli

Ramezani

et al. 2023

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Specialized IDS tools dedicated to OT are already offered on the market. Machine learning based approaches are still being explored, such as the hybrid system for distinguishing between attacks with known signatures, attacks with unknown signatures, and normal network traffic described in [59]. The third solution, on the other hand, is specific to control systems.…”

mentioning

confidence: 99%

Integrated Approach to Diagnostics of Failures and Cyber-Attacks in Industrial Control Systems

et al. 2022

View full text Add to dashboard Cite

This paper is concerned with the issue of the diagnostics of process faults and the detection of cyber-attacks in industrial control systems. This problem is of significant importance to energy production and distribution, which, being part of critical infrastructure, is usually equipped with process diagnostics and, at the same time, is often subject to cyber-attacks. A commonly used approach would be to separate the two types of anomalies. The detection of process faults would be handled by a control team, often with a help of dedicated diagnostic tools, whereas the detection of cyber-attacks would be handled by an information technology team. In this article, it is postulated here that the two can be usefully merged together into one, comprehensive, anomaly detection system. For this purpose, firstly, the main types of cyber-attacks and the main methods of detecting cyber-attacks are being reviewed. Subsequently, in the analogy to “process fault”—a term well established in process diagnostics—the term “cyber-fault” is introduced. Within this context a cyber-attack is considered as a vector containing a number of cyber-faults. Next, it is explained how methods used in process diagnostics for fault detection and isolation can be applied to the detection of cyber-attacks and, in some cases, also to isolation of the components of such attacks, i.e., cyber-faults. A laboratory stand and a simulator have been developed to test the proposed approach. Some test results are presented, demonstrating that, similarly to equipment/process faults, residua can be established and cyber-faults can be identified based on the mismatch between the real data from the system and the outputs of the simulation model.

show abstract

An IDS-Based DNN Model Deployed on the Edge Network to Detect Industrial IoT Attacks

Hoang,

Nguyen,

Pham

et al. 2023

Lecture Notes on Data Engineering and Communications Technologies

View full text Add to dashboard Cite

An Intrusion Detection Method for Industrial Control System Based on Machine Learning

Cited by 11 publications

References 34 publications

Nesting Circles: An Interactive Visualization Paradigm for Network Intrusion Detection System Alerts

Nesting Circles: An Interactive Visualization Paradigm for Network Intrusion Detection System Alerts

Integrated Approach to Diagnostics of Failures and Cyber-Attacks in Industrial Control Systems

An IDS-Based DNN Model Deployed on the Edge Network to Detect Industrial IoT Attacks

Contact Info

Product

Resources

About