Detecting Anomalies in Programmable Logic Controllers Using Unsupervised Machine Learning

Chan, Chun-Fai; Chow, Kam-Pui; Mak, Cesar; Chan, Raymond

doi:10.1007/978-3-030-28752-8_7

Cited by 7 publications

(5 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Both PLCs show high performance reaching F1 scores of 0.97 and 0.92 for the S7-300 and AB CLX PLCs, respectively, demonstrating the generalisability of PLCPrint at detecting anomalous PLC behaviour. Moreover, the achieved F1 scores are competitive with existing PLC anomaly detection approaches [9], [11], [15]. PLCPrint anomaly detection performs best when the PLCs were subject to static attacks, possibly as static attacks typically comprise lower entropy regarding how PLC registers are manipulated.…”

Section: A Attack Detection Performancementioning

confidence: 95%

“…The majority of existing fingerprinting approaches for ICS provide functionality for anomaly detection [5]- [7], [9]- [11], [14]- [16], [18]- [20]. There is an insubstantial number of studies that have explored the crossover between anomaly detection and forensic response, with only one study being identified to have limited forensic applications through timestamps associated with state changes [14].…”

Section: A Objectives Of Ics Fingerprintersmentioning

confidence: 99%

“…As ICS network traffic is primarily deterministic, models of normal system behaviour are able to be accurately generated in comparison to generic IT systems, where there would typically be a greater amount of noise in the network data [23]. Other studies used the dynamic states of device input/output (I/O) registers to fingerprint ICS processes [9], [11], [14]. None of the studies in Table I have looked to use PLC application code as an artefact for device fingerprinting.…”

Section: Fingerprinting Data Artefactsmentioning

confidence: 99%

See 2 more Smart Citations

PLCPrint: Fingerprinting Memory Attacks in Programmable Logic Controllers

Cook

Marnerides

Pezaros

2023

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Section: A Attack Detection Performancementioning

confidence: 95%

Section: A Objectives Of Ics Fingerprintersmentioning

confidence: 99%

Section: Fingerprinting Data Artefactsmentioning

confidence: 99%

See 1 more Smart Citation

PLCPrint: Fingerprinting Memory Attacks in Programmable Logic Controllers

Cook

Marnerides

Pezaros

2023

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

“…Os algoritmos Cluster Based Local Outlier Factor e Floresta de Isolamento foram utilizados para detectar alterações de qualidade nas medições realizadas, tendo sido utilizado um conjuntos de dados semi-sintéticos. Chan et al (2019) realizaram detecção de anomalias em controladores lógicos programáveis (CLPs) que compõem sistemas de controle de supervisão e aquisição de dados (SCADA). Esses equipamentos gerenciam operações de equipamentos industriais baseados em sensores e estão expostos a ameaças cibernéticas.…”

Section: Trabalhos Correlatosunclassified

Detecção de anomalias em poços produtores de petróleo usando aprendizado de máquina

Júnior

Vargas

Komati

et al. 2020

Anais Do Congresso Brasileiro De Automática 2020

View full text Add to dashboard Cite

Anomalias em poços produtores de petróleo podem provocar impactos financeiros significativos. O uso de aprendizado de máquina para detectar essas situações podem prevenir interrupções indesejadas de produção bem como custos de manutenção. Nesse contexto, este trabalho propõe a aplicação e comparação de classificadores para detecção de anomalias em poços de produção de petróleo e gás. Classificadores de classe única Floresta de Isolamento, \textit{One-class Support Vector Machine} (OCSVM), \textit{Local Outlier Factor} (LOF) e Envelope Elíptico foram aplicados em uma base de dados com casos reais, sendo o melhor desempenho obtido pelo LOF com medida F1 de 88,2\%, seguido da Floresta de Isolamento com 74,3\%. Os resultados obtidos apresentam melhoria em comparação ao \textit{benchmark} de referência e estimulam a continuação do trabalho com a experimentação de outras famílias de classificadores.

show abstract

“…separate hardware (see Figure 18). Either approach allows the system can 534 secure itself from most attacks [86]. An Evaluation Model of Autonomy Levels in Manufacturing and its Features 541 Some of the capabilities that increase the level of maturity of a system 542 are listed in Table 7 as important functionalities of self-x systems, in order 543 of maturity.…”

mentioning

confidence: 99%

An Evaluation Model of Autonomy Levels in Manufacturing and its Features

Monetti²,

Torayev³

et al. 2022

Preprint

View full text Add to dashboard Cite

Modern manufacturing has to cope with dynamic and changing circumstances. Market fluctuations, the effects caused by unpredictable material shortages, highly variable product demand, and worker availability all require system robustness, flexibility, and resilience. To adapt to these new requirements, manufacturers should consider investigating, investing in, and implementing system autonomy. Autonomy is being adopted in multiple industrial contexts, but divergences arise when formalising the concept of autonomous systems. To develop an implementation of autonomous manufacturing systems it is essential to specify what autonomy means, how autonomous manufacturing systems are different from other autonomous systems, and how autonomous manufacturing systems are identified and achieved through the main features and enabling technologies. With a comprehensive literature review, this paper provides a definition of autonomy in the manufacturing context, infers the features of autonomy from different engineering domains, and presents a five-level model of autonomy -- associated with maturity levels for the features -- to ensure the complete identification and evaluation of autonomous manufacturing systems. The paper also presents the evaluation of a real autonomous system that serves as a use-case and a validation of the model.

show abstract

Detecting Anomalies in Programmable Logic Controllers Using Unsupervised Machine Learning

Cited by 7 publications

References 11 publications

PLCPrint: Fingerprinting Memory Attacks in Programmable Logic Controllers

PLCPrint: Fingerprinting Memory Attacks in Programmable Logic Controllers

Detecção de anomalias em poços produtores de petróleo usando aprendizado de máquina

An Evaluation Model of Autonomy Levels in Manufacturing and its Features

Contact Info

Product

Resources

About