Cyber-Attack Detection for Industrial Control System Monitoring with Support Vector Machine Based on Communication Profile

Title: Cyber-Attack Detection for Industrial Control System Monitoring with Support Vector Machine Based on Communication Profile
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Terai, A., Abe, S., Kojima, S., Takano, Y., Koshijima, I.
Conference Name: 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Keywords: cyber security test, cyber-attack detection, Europe, ICS Anomaly Detection, ICS communication profile, IDS, industrial control, industrial control system monitoring, integrated circuits, Intrusion Detection Systems, Monitoring, penetration tests, privacy, production engineering computing, pubcrawl, resilience, Resiliency, Scalability, security, security of data, support vector machine, Support vector machines, Training
Abstract

Industrial control systems (ICS) used in industrial plants are vulnerable to cyber-attacks that can cause fatal damage to the plants. Intrusion detection systems (IDSs) monitor ICS network traffic and detect suspicious activities. However, many IDSs overlook sophisticated cyber-attacks because it is hard to make a complete database of cyber-attacks and distinguish operational anomalies when compared to an established baseline. In this paper, a discriminant model between normal and anomalous packets was constructed with a support vector machine (SVM) based on an ICS communication profile, which represents only packet intervals and length, and an IDS with the applied model is proposed. Furthermore, the proposed IDS was evaluated using penetration tests on our cyber security test bed. Although the IDS was constructed by the limited features (intervals and length) of packets, the IDS successfully detected cyber-attacks by monitoring the rate of predicted attacking packets.

URL: https://ieeexplore.ieee.org/document/7966982/
DOI: 10.1109/EuroSPW.2017.62
Citation Key: terai_cyber-attack_2017