A Control Flow Anomaly Detection Algorithm for Industrial Control Systems

Title: A Control Flow Anomaly Detection Algorithm for Industrial Control Systems
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Zhang, Z., Chang, C., Lv, Z., Han, P., Wang, Y.
Conference Name: 2018 1st International Conference on Data Intelligence and Security (ICDIS)
ISBN Number: 978-1-5386-5762-1
Keywords: anomaly detection, anomaly detection ability analysis, basic group partition method, Business, business programs, computer network security, control flow, control flow analysis method, control flow anomaly detection algorithm, control flow path, control systems, encoding, industrial control, industrial control systems, intrusion attack method, path matching, Pattern matching, pubcrawl, resilience, Resiliency, Scalability, scalable, security, security of data, standard path set acquisition, Standards, tabbed-assert control flow analysis method
Abstract

Industrial control systems are the fundamental infrastructures of a country. Since the intrusion attack methods for industrial control systems have become complex and concealed, the traditional protection methods, such as vulnerability databases, virus databases and rule matching, cannot cope with the attacks hidden inside the terminals of industrial control systems. In this work, we propose a control flow anomaly detection algorithm based on the control flow of the business programs. First, a basic group partition method based on key paths is proposed to reduce the performance burden caused by the tabbed-assert control flow analysis method through expanding basic research units. Second, the algorithm phases of standard path set acquisition and path matching are introduced. By judging whether the current control flow path is deviating from the standard set or not, the abnormal operating conditions of industrial control can be detected. Finally, the effectiveness of a control flow anomaly detection (checking) algorithm based on Path Matching (CFCPM) is demonstrated by anomaly detection ability analysis and experiments.

URL: https://ieeexplore.ieee.org/document/8367777
DOI: 10.1109/ICDIS.2018.00054
Citation Key: zhang_control_2018