Cyber-Attack Detection for Industrial Control System Monitoring with Support Vector Machine Based on Communication Profile
Title | Cyber-Attack Detection for Industrial Control System Monitoring with Support Vector Machine Based on Communication Profile |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Terai, A., Abe, S., Kojima, S., Takano, Y., Koshijima, I. |
Conference Name | 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) |
Keywords | cyber security test, cyber-attack detection, Europe, ICS Anomaly Detection, ICS communication profile, IDS, industrial control, industrial control system monitoring, integrated circuits, Intrusion Detection Systems, Monitoring, penetration tests, privacy, production engineering computing, pubcrawl, resilience, Resiliency, Scalability, security, security of data, support vector machine, Support vector machines, Training |
Abstract | Industrial control systems (ICS) used in industrial plants are vulnerable to cyber-attacks that can cause fatal damage to the plants. Intrusion detection systems (IDSs) monitor ICS network traffic and detect suspicious activities. However, many IDSs overlook sophisticated cyber-attacks because it is hard to make a complete database of cyber-attacks and distinguish operational anomalies when compared to an established baseline. In this paper, a discriminant model between normal and anomalous packets was constructed with a support vector machine (SVM) based on an ICS communication profile, which represents only packet intervals and length, and an IDS with the applied model is proposed. Furthermore, the proposed IDS was evaluated using penetration tests on our cyber security test bed. Although the IDS was constructed by the limited features (intervals and length) of packets, the IDS successfully detected cyber-attacks by monitoring the rate of predicted attacking packets. |
URL | https://ieeexplore.ieee.org/document/7966982/ |
DOI | 10.1109/EuroSPW.2017.62 |
Citation Key | terai_cyber-attack_2017 |