Visible to the public Biblio

Filters: Keyword is production engineering computing  [Clear All Filters]
2021-04-09
Song, M., Lind, M..  2020.  Towards Automated Generation of Function Models from P IDs. 2020 25th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA). 1:1081—1084.
Although function model has been widely applied to develop various operator decision support systems, the modeling process is essentially a manual work, which takes significant efforts on knowledge acquisition. It would greatly improve the efficiency of modeling if relevant information can be automatically retrieved from engineering documents. This paper investigates the possibility of automated transformation from P&IDs to a function model called MFM via AutomationML. Semantics and modeling patterns of MFM are established in AutomationML, which can be utilized to convert plant topology models into MFM models. The proposed approach is demonstrated with a small use case. Further topics for extending the study are also discussed.
2021-03-30
Baybulatov, A. A., Promyslov, V. G..  2020.  On a Deterministic Approach to Solving Industrial Control System Problems. 2020 International Russian Automation Conference (RusAutoCon). :115—120.

Since remote ages, queues and delays have been a rather exasperating reality of human daily life. Today, they pursue us everywhere: in technical, social, socio-technical, and even control systems, dramatically deteriorating their performance. In this variety, it is the computer systems that are sure to cause the growing anxiety in our digital era. Although for our everyday Internet surfing, experiencing long-lasting and annoying delays is an unpleasant but not dangerous situation, for industrial control systems, especially those dealing with critical infrastructures, such behavior is unacceptable. The article presents a deterministic approach to solving some digital control system problems associated with delays and backlogs. Being based on Network calculus, in contrast to statistical methods of Queuing theory, it provides worst-case results, which are eminently desirable for critical infrastructures. The article covers the basics of a theory of deterministic queuing systems Network calculus, its evolution regarding the relationship between backlog bound and delay, and a technique for handling empirical data. The problems being solved by the deterministic approach: standard calculation of network performance measures, estimation of database maximum updating time, and cybersecurity assessment including such issues as the CIA triad representation, operational technology influence, and availability understanding focusing on its correlation with a delay are thoroughly discussed as well.

Elnour, M., Meskin, N., Khan, K. M..  2020.  Hybrid Attack Detection Framework for Industrial Control Systems using 1D-Convolutional Neural Network and Isolation Forest. 2020 IEEE Conference on Control Technology and Applications (CCTA). :877—884.

Industrial control systems (ICSs) are used in various infrastructures and industrial plants for realizing their control operation and ensuring their safety. Concerns about the cybersecurity of industrial control systems have raised due to the increased number of cyber-attack incidents on critical infrastructures in the light of the advancement in the cyber activity of ICSs. Nevertheless, the operation of the industrial control systems is bind to vital aspects in life, which are safety, economy, and security. This paper presents a semi-supervised, hybrid attack detection approach for industrial control systems by combining Isolation Forest and Convolutional Neural Network (CNN) models. The proposed framework is developed using the normal operational data, and it is composed of a feature extraction model implemented using a One-Dimensional Convolutional Neural Network (1D-CNN) and an isolation forest model for the detection. The two models are trained independently such that the feature extraction model aims to extract useful features from the continuous-time signals that are then used along with the binary actuator signals to train the isolation forest-based detection model. The proposed approach is applied to a down-scaled industrial control system, which is a water treatment plant known as the Secure Water Treatment (SWaT) testbed. The performance of the proposed method is compared with the other works using the same testbed, and it shows an improvement in terms of the detection capability.

Gillen, R. E., Carter, J. M., Craig, C., Johnson, J. A., Scott, S. L..  2020.  Assessing Anomaly-Based Intrusion Detection Configurations for Industrial Control Systems. 2020 IEEE 21st International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM). :360—366.

To reduce cost and ease maintenance, industrial control systems (ICS) have adopted Ethernetbased interconnections that integrate operational technology (OT) systems with information technology (IT) networks. This integration has made these critical systems vulnerable to attack. Security solutions tailored to ICS environments are an active area of research. Anomalybased network intrusion detection systems are well-suited for these environments. Often these systems must be optimized for their specific environment. In prior work, we introduced a method for assessing the impact of various anomaly-based network IDS settings on security. This paper reviews the experimental outcomes when we applied our method to a full-scale ICS test bed using actual attacks. Our method provides new and valuable data to operators enabling more informed decisions about IDS configurations.

Zhang, R., Cao, Z., Wu, K..  2020.  Tracing and detection of ICS Anomalies Based on Causality Mutations. 2020 IEEE 5th Information Technology and Mechatronics Engineering Conference (ITOEC). :511—517.

The algorithm of causal anomaly detection in industrial control physics is proposed to determine the normal cloud line of industrial control system so as to accurately detect the anomaly. In this paper, The causal modeling algorithm combining Maximum Information Coefficient and Transfer Entropy was used to construct the causal network among nodes in the system. Then, the abnormal nodes and the propagation path of the anomaly are deduced from the structural changes of the causal network before and after the attack. Finally, an anomaly detection algorithm based on hybrid differential cumulative is used to identify the specific anomaly data in the anomaly node. The stability of causality mining algorithm and the validity of locating causality anomalies are verified by using the data of classical chemical process. Experimental results show that the anomaly detection algorithm is better than the comparison algorithm in accuracy, false negative rate and recall rate, and the anomaly location strategy makes the anomaly source traceable.

2021-03-29
Alabugin, S. K., Sokolov, A. N..  2020.  Applying of Generative Adversarial Networks for Anomaly Detection in Industrial Control Systems. 2020 Global Smart Industry Conference (GloSIC). :199–203.

Modern industrial control systems (ICS) act as victims of cyber attacks more often in last years. These cyber attacks often can not be detected by classical information security methods. Moreover, the consequences of cyber attack's impact can be catastrophic. Since cyber attacks leads to appearance of anomalies in the ICS and technological equipment controlled by it, the task of intrusion detection for ICS can be reformulated as the task of industrial process anomaly detection. This paper considers the applicability of generative adversarial networks (GANs) in the field of industrial processes anomaly detection. Existing approaches for GANs usage in the field of information security (such as anomaly detection in network traffic) were described. It is proposed to use the BiGAN architecture in order to detect anomalies in the industrial processes. The proposed approach has been tested on Secure Water Treatment Dataset (SWaT). The obtained results indicate the prospects of using the examined method in practice.

2021-03-09
Herrera, A. E. Hinojosa, Walshaw, C., Bailey, C..  2020.  Improving Black Box Classification Model Veracity for Electronics Anomaly Detection. 2020 15th IEEE Conference on Industrial Electronics and Applications (ICIEA). :1092–1097.
Data driven classification models are useful to assess quality of manufactured electronics. Because decisions are taken based on the models, their veracity is relevant, covering aspects such as accuracy, transparency and clarity. The proposed BB-Stepwise algorithm aims to improve the classification model transparency and accuracy of black box models. K-Nearest Neighbours (KNN) is a black box model which is easy to implement and has achieved good classification performance in different applications. In this paper KNN-Stepwise is illustrated for fault detection of electronics devices. The results achieved shows that the proposed algorithm was able to improve the accuracy, veracity and transparency of KNN models and achieve higher transparency and clarity, and at least similar accuracy than when using Decision Tree models.
2021-02-23
Park, S. H., Park, H. J., Choi, Y..  2020.  RNN-based Prediction for Network Intrusion Detection. 2020 International Conference on Artificial Intelligence in Information and Communication (ICAIIC). :572—574.
We investigate a prediction model using RNN for network intrusion detection in industrial IoT environments. For intrusion detection, we use anomaly detection methods that estimate the next packet, measure and score the distance measurement in real packets to distinguish whether it is a normal packet or an abnormal packet. When the packet was learned in the LSTM model, two-gram and sliding window of N-gram showed the best performance in terms of errors and the performance of the LSTM model was the highest compared with other data mining regression techniques. Finally, cosine similarity was used as a scoring function, and anomaly detection was performed by setting a boundary for cosine similarity that consider as normal packet.
2021-02-03
Gillen, R. E., Anderson, L. A., Craig, C., Johnson, J., Columbia, A., Anderson, R., Craig, A., Scott, S. L..  2020.  Design and Implementation of Full-Scale Industrial Control System Test Bed for Assessing Cyber-Security Defenses. 2020 IEEE 21st International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM). :341—346.
In response to the increasing awareness of the Ethernet-based threat surface of industrial control systems (ICS), both the research and commercial communities are responding with ICS-specific security solutions. Unfortunately, many of the properties of ICS environments that contribute to the extent of this threat surface (e.g. age of devices, inability or unwillingness to patch, criticality of the system) similarly prevent the proper testing and evaluation of these security solutions. Production environments are often too fragile to introduce unvetted technology and most organizations lack test environments that are sufficiently consistent with production to yield actionable results. Cost and space requirements prevent the creation of mirrored physical environments leading many to look towards simulation or virtualization. Examples in literature provide various approaches to building ICS test beds, though most of these suffer from a lack of realism due to contrived scenarios, synthetic data and other compromises. In this paper, we provide a design methodology for building highly realistic ICS test beds for validating cybersecurity defenses. We then apply that methodology to the design and building of a specific test bed and describe the results and experimental use cases.
Rehan, S., Singh, R..  2020.  Industrial and Home Automation, Control, Safety and Security System using Bolt IoT Platform. 2020 International Conference on Smart Electronics and Communication (ICOSEC). :787—793.
This paper describes a system that comprises of control, safety and security subsystem for industries and homes. The entire system is based on the Bolt IoT platform. Using this system, the user can control the devices such as LEDs, speed of the fan or DC motor, monitor the temperature of the premises with an alert sub-system for critical temperatures through SMS and call, monitor the presence of anyone inside the premises with an alert sub-system about any intrusion through SMS and call. If the system is used specifically in any industry then instead of monitoring the temperature any other physical quantity, which is critical for that industry, can be monitored using suitable sensors. In addition, the cloud connectivity is provided to the system using the Bolt IoT module and temperature data is sent to the cloud where using machine-learning algorithm the future temperature is predicted to avoid any accidents in the future.
Pashaei, A., Akbari, M. E., Lighvan, M. Z., Teymorzade, H. Ali.  2020.  Improving the IDS Performance through Early Detection Approach in Local Area Networks Using Industrial Control Systems of Honeypot. 2020 IEEE International Conference on Environment and Electrical Engineering and 2020 IEEE Industrial and Commercial Power Systems Europe (EEEIC / I CPS Europe). :1—5.

The security of Industrial Control system (ICS) of cybersecurity networks ensures that control equipment fails and that regular procedures are available at its control facilities and internal industrial network. For this reason, it is essential to improve the security of industrial control facility networks continuously. Since network security is threatening, industrial installations are irreparable and perhaps environmentally hazardous. In this study, the industrialized Early Intrusion Detection System (EIDS) was used to modify the Intrusion Detection System (IDS) method. The industrial EIDS was implemented using routers, IDS Snort, Industrial honeypot, and Iptables MikroTik. EIDS successfully simulated and implemented instructions written in IDS, Iptables router, and Honeypots. Accordingly, the attacker's information was displayed on the monitoring page, which had been designed for the ICS. The EIDS provides cybersecurity and industrial network systems against vulnerabilities and alerts industrial network security heads in the shortest possible time.

Ani, U. D., He, H., Tiwari, A..  2020.  Vulnerability-Based Impact Criticality Estimation for Industrial Control Systems. 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1—8.

Cyber threats directly affect the critical reliability and availability of modern Industry Control Systems (ICS) in respects of operations and processes. Where there are a variety of vulnerabilities and cyber threats, it is necessary to effectively evaluate cyber security risks, and control uncertainties of cyber environments, and quantitative evaluation can be helpful. To effectively and timely control the spread and impact produced by attacks on ICS networks, a probabilistic Multi-Attribute Vulnerability Criticality Analysis (MAVCA) model for impact estimation and prioritised remediation is presented. This offer a new approach for combining three major attributes: vulnerability severities influenced by environmental factors, the attack probabilities relative to the vulnerabilities, and functional dependencies attributed to vulnerability host components. A miniature ICS testbed evaluation illustrates the usability of the model for determining the weakest link and setting security priority in the ICS. This work can help create speedy and proactive security response. The metrics derived in this work can serve as sub-metrics inputs to a larger quantitative security metrics taxonomy; and can be integrated into the security risk assessment scheme of a larger distributed system.

Chernov, D., Sychugov, A..  2020.  Determining the Hazard Quotient of Destructive Actions of Automated Process Control Systems Information Security Violator. 2020 International Russian Automation Conference (RusAutoCon). :566—570.
The purpose of the work is a formalized description of the method determining numerical expression of the danger from actions potentially implemented by an information security violator. The implementation of such actions may lead to a disruption of the ordered functioning of multilevel distributed automated process control systems, which indicates the importance of developing new adequate solutions for predicting attacks consequences. The analysis of the largest destructive effects on information security systems of critical objects is carried out. The most common methods of obtaining the value of the hazard quotient of information security violators' destructive actions are considered. Based on the known methods for determining the possible damage from attacks implemented by a potential information security violator, a new, previously undetected in open sources method for determining the hazard quotient of destructive actions of an information security violator has been proposed. In order to carry out experimental calculations by the proposed method, the authors developed the required software. The calculations results are presented and indicate the possibility of using the proposed method for modeling threats and information security violators when designing an information security system for automated process control systems.
2021-01-25
Dangal, P., Bloom, G..  2020.  Towards Industrial Security Through Real-time Analytics. 2020 IEEE 23rd International Symposium on Real-Time Distributed Computing (ISORC). :156–157.

Industrial control system (ICS) denotes a system consisting of actuators, control stations, and network that manages processes and functions in an industrial setting. The ICS community faces two major problems to keep pace with the broader trends of Industry 4.0: (1) a data rich, information poor (DRIP) syndrome, and (2) risk of financial and safety harms due to security breaches. In this paper, we propose a private cloud in the loop ICS architecture for real-time analytics that can bridge the gap between low data utilization and security hardening.

2021-01-11
Majhi, D., Rao, M., Sahoo, S., Dash, S. P., Mohapatra, D. P..  2020.  Modified Grey Wolf Optimization(GWO) based Accident Deterrence in Internet of Things (IoT) enabled Mining Industry. 2020 International Conference on Computer Science, Engineering and Applications (ICCSEA). :1–4.
The occurrences of accidents in mining industries owing to the fragile health conditions of mine workers are reportedly increasing. Health conditions measured as heart rate or pulse, glycemic index, and blood pressure are often crucial parameters that lead to failure in proper reasoning when not within acceptable ranges. These parameters, such as heartbeat rate can be measured continuously using sensors. The data can be monitored remotely and, when found to be of concern, can send necessary alarms to the mine manager. The early alarm notification enables the mine manager with better preparedness for managing the reach of first aid to the accident spot and thereby reduce mine fatalities drastically. This paper presents a framework for deterring accidents in mines with the help of the Grey Wolf Optimization approach.
2020-12-21
Neises, J., Moldovan, G., Walloschke, T., Popovici, B..  2020.  Trustworthiness in Supply Chains : A modular extensible Approach applied to Industrial IoT. 2020 Global Internet of Things Summit (GIoTS). :1–6.
Typical transactions in cross-company Industry 4.0 supply chains require a dynamically evaluable form of trustworthiness. Therefore, specific requirements on the parties involved, down to the machine level, for automatically verifiable operations shall facilitate the realization of the economic advantages of future flexible process chains in production. The core of the paper is a modular and extensible model for the assessment of trustworthiness in industrial IoT based on the Industrial Internet Security Framework of the Industrial Internet Consortium, which among other things defines five trustworthiness key characteristics of NIST. This is the starting point for a flexible model, which contains features as discussed in ISO/IEC JTC 1/AG 7 N51 or trustworthiness profiles as used in regulatory requirements. Specific minimum and maximum requirement parameters define the range of trustworthy operation. An automated calculation of trustworthiness in a dynamic environment based on an initial trust metric is presented. The evaluation can be device-based, connection-based, behaviour-based and context-based and thus become part of measurable, trustworthy, monitorable Industry 4.0 scenarios. Finally, the dynamic evaluation of automatable trust models of industrial components is illustrated based on the Multi-Vendor-Industry of the Horizon 2020 project SecureIoT. (grant agreement number 779899).
2020-12-15
Nasser, B., Rabani, A., Freiling, D., Gan, C..  2018.  An Adaptive Telerobotics Control for Advanced Manufacturing. 2018 NASA/ESA Conference on Adaptive Hardware and Systems (AHS). :82—89.
This paper explores an innovative approach to the telerobotics reasoning architecture and networking, which offer a reliable and adaptable operational process for complex tasks. There are many operational challenges in the remote control for manufacturing that can be introduced by the network communications and Iatency. A new protocol, named compact Reliable UDP (compact-RUDP), has been developed to combine both data channelling and media streaming for robot teleoperation. The original approach ensures connection reliability by implementing a TCP-like sliding window with UDP packets. The protocol provides multiple features including data security, link status monitoring, bandwidth control, asynchronous file transfer and prioritizing transfer of data packets. Experiments were conducted on a 5DOF robotic arm where a cutting tool was mounted at its distal end. A light sensor was used to guide the robot movements, and a camera device to provide a video stream of the operation. The data communication reliability is evaluated using Round-Trip Time (RTT), and advanced robot path planning for distributed decision making between endpoints. The results show 88% correlation between the remotely and locally operated robots. The file transfers and video streaming were performed with no data loss or corruption on the control commands and data feedback packets.
2020-12-01
Sunny, S. M. N. A., Liu, X., Shahriar, M. R..  2018.  Remote Monitoring and Online Testing of Machine Tools for Fault Diagnosis and Maintenance Using MTComm in a Cyber-Physical Manufacturing Cloud. 2018 IEEE 11th International Conference on Cloud Computing (CLOUD). :532—539.

Existing systems allow manufacturers to acquire factory floor data and perform analysis with cloud applications for machine health monitoring, product quality prediction, fault diagnosis and prognosis etc. However, they do not provide capabilities to perform testing of machine tools and associated components remotely, which is often crucial to identify causes of failure. This paper presents a fault diagnosis system in a cyber-physical manufacturing cloud (CPMC) that allows manufacturers to perform diagnosis and maintenance of manufacturing machine tools through remote monitoring and online testing using Machine Tool Communication (MTComm). MTComm is an Internet scale communication method that enables both monitoring and operation of heterogeneous machine tools through RESTful web services over the Internet. It allows manufacturers to perform testing operations from cloud applications at both machine and component level for regular maintenance and fault diagnosis. This paper describes different components of the system and their functionalities in CPMC and techniques used for anomaly detection and remote online testing using MTComm. It also presents the development of a prototype of the proposed system in a CPMC testbed. Experiments were conducted to evaluate its performance to diagnose faults and test machine tools remotely during various manufacturing scenarios. The results demonstrated excellent feasibility to detect anomaly during manufacturing operations and perform testing operations remotely from cloud applications using MTComm.

Shahriar, M. R., Sunny, S. M. N. A., Liu, X., Leu, M. C., Hu, L., Nguyen, N..  2018.  MTComm Based Virtualization and Integration of Physical Machine Operations with Digital-Twins in Cyber-Physical Manufacturing Cloud. 2018 5th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2018 4th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :46—51.

Digital-Twins simulate physical world objects by creating 'as-is' virtual images in a cyberspace. In order to create a well synchronized digital-twin simulator in manufacturing, information and activities of a physical machine need to be virtualized. Many existing digital-twins stream read-only data of machine sensors and do not incorporate operations of manufacturing machines through Internet. In this paper, a new method of virtualization is proposed to integrate machining data and operations into the digital-twins using Internet scale machine tool communication method. A fully functional digital-twin is implemented in CPMC testbed using MTComm and several manufacturing application scenarios are developed to evaluate the proposed method and system. Performance analysis shows that it is capable of providing data-driven visual monitoring of a manufacturing process and performing manufacturing operations through digital twins over the Internet. Results of the experiments also shows that the MTComm based digital twins have an excellent efficiency.

Nikander, P., Autiosalo, J., Paavolainen, S..  2019.  Interledger for the Industrial Internet of Things. 2019 IEEE 17th International Conference on Industrial Informatics (INDIN). 1:908—915.

The upsurge of Industrial Internet of Things is forcing industrial information systems to enable less hierarchical information flow. The connections between humans, devices, and their digital twins are growing in numbers, creating a need for new kind of security and trust solutions. To address these needs, industries are applying distributed ledger technologies, aka blockchains. A significant number of use cases have been studied in the sectors of logistics, energy markets, smart grid security, and food safety, with frequently reported benefits in transparency, reduced costs, and disintermediation. However, distributed ledger technologies have challenges with transaction throughput, latency, and resource requirements, which render the technology unusable in many cases, particularly with constrained Internet of Things devices.To overcome these challenges within the Industrial Internet of Things, we suggest a set of interledger approaches that enable trusted information exchange across different ledgers and constrained devices. With these approaches, the technically most suitable ledger technology can be selected for each use case while simultaneously enjoying the benefits of the most widespread ledger implementations. We present state of the art for distributed ledger technologies to support the use of interledger approaches in industrial settings.

2020-11-02
Bloom, Gedare, Alsulami, Bassma, Nwafor, Ebelechukwu, Bertolotti, Ivan Cibrario.  2018.  Design patterns for the industrial Internet of Things. 2018 14th IEEE International Workshop on Factory Communication Systems (WFCS). :1—10.
The Internet of Things (IoT) is a vast collection of interconnected sensors, devices, and services that share data and information over the Internet with the objective of leveraging multiple information sources to optimize related systems. The technologies associated with the IoT have significantly improved the quality of many existing applications by reducing costs, improving functionality, increasing access to resources, and enhancing automation. The adoption of IoT by industries has led to the next industrial revolution: Industry 4.0. The rise of the Industrial IoT (IIoT) promises to enhance factory management, process optimization, worker safety, and more. However, the rollout of the IIoT is not without significant issues, and many of these act as major barriers that prevent fully achieving the vision of Industry 4.0. One major area of concern is the security and privacy of the massive datasets that are captured and stored, which may leak information about intellectual property, trade secrets, and other competitive knowledge. As a way forward toward solving security and privacy concerns, we aim in this paper to identify common input-output (I/O) design patterns that exist in applications of the IIoT. These design patterns enable constructing an abstract model representation of data flow semantics used by such applications, and therefore better understand how to secure the information related to IIoT operations. In this paper, we describe communication protocols and identify common I/O design patterns for IIoT applications with an emphasis on data flow in edge devices, which, in the industrial control system (ICS) setting, are most often involved in process control or monitoring.
2020-10-30
Pearce, Hammond, Pinisetty, Srinivas, Roop, Partha S., Kuo, Matthew M. Y., Ukil, Abhisek.  2020.  Smart I/O Modules for Mitigating Cyber-Physical Attacks on Industrial Control Systems. IEEE Transactions on Industrial Informatics. 16:4659—4669.

Cyber-physical systems (CPSs) are implemented in many industrial and embedded control applications. Where these systems are safety-critical, correct and safe behavior is of paramount importance. Malicious attacks on such CPSs can have far-reaching repercussions. For instance, if elements of a power grid behave erratically, physical damage and loss of life could occur. Currently, there is a trend toward increased complexity and connectivity of CPS. However, as this occurs, the potential attack vectors for these systems grow in number, increasing the risk that a given controller might become compromised. In this article, we examine how the dangers of compromised controllers can be mitigated. We propose a novel application of runtime enforcement that can secure the safety of real-world physical systems. Here, we synthesize enforcers to a new hardware architecture within programmable logic controller I/O modules to act as an effective line of defence between the cyber and the physical domains. Our enforcers prevent the physical damage that a compromised control system might be able to perform. To demonstrate the efficacy of our approach, we present several benchmarks, and show that the overhead for each system is extremely minimal.

2020-10-16
Colelli, Riccardo, Panzieri, Stefano, Pascucci, Federica.  2019.  Securing connection between IT and OT: the Fog Intrusion Detection System prospective. 2019 II Workshop on Metrology for Industry 4.0 and IoT (MetroInd4.0 IoT). :444—448.

Industrial Control systems traditionally achieved security by using proprietary protocols to communicate in an isolated environment from the outside. This paradigm is changed with the advent of the Industrial Internet of Things that foresees flexible and interconnected systems. In this contribution, a device acting as a connection between the operational technology network and information technology network is proposed. The device is an intrusion detection system related to legacy systems that is able to collect and reporting data to and from industrial IoT devices. It is based on the common signature based intrusion detection system developed in the information technology domain, however, to cope with the constraints of the operation technology domain, it exploits anomaly based features. Specifically, it is able to analyze the traffic on the network at application layer by mean of deep packet inspection, parsing the information carried by the proprietary protocols. At a later stage, it collect and aggregate data from and to IoT domain. A simple set up is considered to prove the effectiveness of the approach.

Tian, Zheng, Wu, Weidong, Li, Shu, Li, Xi, Sun, Yizhen, Chen, Zhongwei.  2019.  Industrial Control Intrusion Detection Model Based on S7 Protocol. 2019 IEEE 3rd Conference on Energy Internet and Energy System Integration (EI2). :2647—2652.

With the proposal of the national industrial 4.0 strategy, the integration of industrial control network and Internet technology is getting higher and higher. At the same time, the closeness of industrial control networks has been broken to a certain extent, making the problem of industrial control network security increasingly serious. S7 protocol is a private protocol of Siemens Company in Germany, which is widely used in the communication process of industrial control network. In this paper, an industrial control intrusion detection model based on S7 protocol is proposed. Traditional protocol parsing technology cannot resolve private industrial control protocols, so, this model uses deep analysis algorithm to realize the analysis of S7 data packets. At the same time, in order to overcome the complexity and portability of static white list configuration, this model dynamically builds a white list through white list self-learning algorithm. Finally, a composite intrusion detection method combining white list detection and abnormal behavior detection is used to detect anomalies. The experiment proves that the method can effectively detect the abnormal S7 protocol packet in the industrial control network.

Zhang, Rui, Chen, Hongwei.  2019.  Intrusion Detection of Industrial Control System Based on Stacked Auto-Encoder. 2019 Chinese Automation Congress (CAC). :5638—5643.

With the deep integration of industrial control systems and Internet technologies, how to effectively detect whether industrial control systems are threatened by intrusion is a difficult problem in industrial security research. Aiming at the difficulty of high dimensionality and non-linearity of industrial control system network data, the stacked auto-encoder is used to extract the network data features, and the multi-classification support vector machine is used for classification. The research results show that the accuracy of the intrusion detection model reaches 95.8%.