A Control Flow Anomaly Detection Algorithm for Industrial Control Systems
Title | A Control Flow Anomaly Detection Algorithm for Industrial Control Systems |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Zhang, Z., Chang, C., Lv, Z., Han, P., Wang, Y. |
Conference Name | 2018 1st International Conference on Data Intelligence and Security (ICDIS) |
ISBN Number | 978-1-5386-5762-1 |
Keywords | anomaly detection, anomaly detection ability analysis, basic group partition method, Business, business programs, computer network security, control flow, control flow analysis method, control flow anomaly detection algorithm, control flow path, control systems, encoding, industrial control, industrial control systems, intrusion attack method, path matching, Pattern matching, pubcrawl, resilience, Resiliency, Scalability, scalable, security, security of data, standard path set acquisition, Standards, tabbed-assert control flow analysis method |
Abstract | Industrial control systems are the fundamental infrastructures of a country. Since the intrusion attack methods for industrial control systems have become complex and concealed, the traditional protection methods, such as vulnerability database, virus database and rule matching cannot cope with the attacks hidden inside the terminals of industrial control systems. In this work, we propose a control flow anomaly detection algorithm based on the control flow of the business programs. First, a basic group partition method based on key paths is proposed to reduce the performance burden caused by tabbed-assert control flow analysis method through expanding basic research units. Second, the algorithm phases of standard path set acquisition and path matching are introduced. By judging whether the current control flow path is deviating from the standard set or not, the abnormal operating conditions of industrial control can be detected. Finally, the effectiveness of a control flow anomaly detection (checking) algorithm based on Path Matching (CFCPM) is demonstrated by anomaly detection ability analysis and experiments. |
URL | https://ieeexplore.ieee.org/document/8367777 |
DOI | 10.1109/ICDIS.2018.00054 |
Citation Key | zhang_control_2018 |