Design and Analysis of Multimodel-Based Anomaly Intrusion Detection Systems in Industrial Process Automation

“…1) The Comparison of Original System and Partitioned System: A spoofing attack [9] is designed to act on the original CTCS and z 1 of the partitioned CTCS respectively, which modifies the configuration of the set point of L 1 , and maintains all the measured values from PLCs to HMI at the instant of 50 in the two systems. Fig.…”

“…3) Detection Performance of the Proposed Approach: Accuracy and real-time capability are the two most important criteria for evaluating the performance of detection systems, and the four well-known metrics: False Positive Rate (FPR), False Negative Rate (FNR), Detecion Accuracy (DA) and Detecion Time (DT) are used, whose definition can be found in [9]. First, the following two factors, which are the most important reasons for influencing the detection performance, need be analyzed.…”

“…However, there are some limitations in these methods, such as: 1) it is hard to deep parse all of the industrial protocols as the diversity and complexity. Thus, the problem of false negative and false positive are more difficult to be solved comparing with IT systems [9]; 2) the purpose of attacks is to destroy the physical object, the abnormal behaviors may not be reflected in cyber domain; and 3) the pathway of attacks is not only from the cyber network, but also from unsafe mediums., such as Stuxnet which intruded Siemens systems on the carrier of removable storage devices [20]. What's worse, once a deliberate sabotaging behavior acted on physical system, a disaster accident would happen.…”

“…As the front-end protective barrier, intrusion detection plays an important role in security protection, and it can be classified as either signature-based or anomaly-based [9]. Signaturebased methods use the database or fixed signatures to identify attacks, presenting a good result.…”

Anomaly Detection Based on Zone Partition for Security Protection of Industrial Cyber-Physical Systems

“…1) The Comparison of Original System and Partitioned System: A spoofing attack [9] is designed to act on the original CTCS and z 1 of the partitioned CTCS respectively, which modifies the configuration of the set point of L 1 , and maintains all the measured values from PLCs to HMI at the instant of 50 in the two systems. Fig.…”

“…3) Detection Performance of the Proposed Approach: Accuracy and real-time capability are the two most important criteria for evaluating the performance of detection systems, and the four well-known metrics: False Positive Rate (FPR), False Negative Rate (FNR), Detecion Accuracy (DA) and Detecion Time (DT) are used, whose definition can be found in [9]. First, the following two factors, which are the most important reasons for influencing the detection performance, need be analyzed.…”

“…However, there are some limitations in these methods, such as: 1) it is hard to deep parse all of the industrial protocols as the diversity and complexity. Thus, the problem of false negative and false positive are more difficult to be solved comparing with IT systems [9]; 2) the purpose of attacks is to destroy the physical object, the abnormal behaviors may not be reflected in cyber domain; and 3) the pathway of attacks is not only from the cyber network, but also from unsafe mediums., such as Stuxnet which intruded Siemens systems on the carrier of removable storage devices [20]. What's worse, once a deliberate sabotaging behavior acted on physical system, a disaster accident would happen.…”

“…As the front-end protective barrier, intrusion detection plays an important role in security protection, and it can be classified as either signature-based or anomaly-based [9]. Signaturebased methods use the database or fixed signatures to identify attacks, presenting a good result.…”

Anomaly Detection Based on Zone Partition for Security Protection of Industrial Cyber-Physical Systems

“…Industrial control systems (ICSs) are widely deployed in modern critical infrastructures (CIs), and their incapacitation can cause serious damage to equipment, environment, or even people's lives [1]. During the past ten years, many efforts have been made to improve the security of ICSs [2,3].…”

A Novel Covert Agent for Stealthy Attacks on Industrial Control Systems Using Least Squares Support Vector Regression

Detecting Data Integrity Attacks in Smart Grid