Attacks on Industrial Control Systems - Modeling and Anomaly Detection

Oliver Eigner, Philipp Kreimel, Paul Tavolato

Abstract

Industrial control systems play a crucial role in a digital society, particularly when they are part of critical infrastructures. Unfortunately traditional intrusion defense strategies for IT systems are often not applicable in industrial environments. A continuous monitoring of the operation is necessary to detect abnormal behavior of a system. This paper presents an anomaly-based approach for detection and classification of attacks against industrial control systems. In order to stay close to practice we set up a test plant with sensors, actuators and controllers widely used in industry, thus, providing a test environment as close as possible to reality. First, we defined a formal model of normal system behavior, determining the essential parameters through machine learning algorithms. The goal was the definition of outlier scores to differentiate between normal and abnormal system operations. This model of valid behavior is then used to detect anomalies. Further, we launched cyber-attacks against the test setup in order to create an attack model by using naive Bayes classifiers. We applied the model to data from a real industrial plant. The test showed that the model could be transferred to different industrial control systems with reasonable adaption and training effort.

Download


Paper Citation


in Harvard Style

Eigner O., Kreimel P. and Tavolato P. (2018). Attacks on Industrial Control Systems - Modeling and Anomaly Detection.In Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ForSE, ISBN 978-989-758-282-0, pages 581-588. DOI: 10.5220/0006755405810588


in Bibtex Style

@conference{forse18,
author={Oliver Eigner and Philipp Kreimel and Paul Tavolato},
title={Attacks on Industrial Control Systems - Modeling and Anomaly Detection},
booktitle={Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ForSE,},
year={2018},
pages={581-588},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006755405810588},
isbn={978-989-758-282-0},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ForSE,
TI - Attacks on Industrial Control Systems - Modeling and Anomaly Detection
SN - 978-989-758-282-0
AU - Eigner O.
AU - Kreimel P.
AU - Tavolato P.
PY - 2018
SP - 581
EP - 588
DO - 10.5220/0006755405810588