SteelEye: An Application-Layer Attack Detection and Attribution Model in Industrial Control Systems using Semi-Deep Learning

Title: SteelEye: An Application-Layer Attack Detection and Attribution Model in Industrial Control Systems using Semi-Deep Learning
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Nakhodchi, Sanaz, Zolfaghari, Behrouz, Yazdinejad, Abbas, Dehghantanha, Ali
Conference Name: 2021 18th International Conference on Privacy, Security and Trust (PST)
Keywords: attack attribution, attack detection, attribution, BoF, boosting, Categorical Boosting, composability, critical infrastructure, feature extraction, Human Behavior, industrial control, industrial control system, Metrics, Predictive models, privacy, pubcrawl, security, Semi-Deep learning
Abstract: The security of Industrial Control Systems is of high importance as they play a critical role in uninterrupted services provided by Critical Infrastructure operators. Due to a large number of devices and their geographical distribution, Industrial Control Systems need efficient automatic cyber-attack detection and attribution methods, which suggests us AI-based approaches. This paper proposes a model called SteelEye based on Semi-Deep Learning for accurate detection and attribution of cyber-attacks at the application layer in industrial control systems. The proposed model depends on Bag of Features for accurate detection of cyber-attacks and utilizes Categorical Boosting as the base predictor for attack attribution. Empirical results demonstrate that SteelEye remarkably outperforms state-of-the-art cyber-attack detection and attribution methods in terms of accuracy, precision, recall, and F1-score.
DOI: 10.1109/PST52912.2021.9647777
Citation Key: nakhodchi_steeleye_2021