Visible to the public Automated Anomaly Detection Tool for Industrial Control System

TitleAutomated Anomaly Detection Tool for Industrial Control System
Publication TypeConference Paper
Year of Publication2022
AuthorsVarkey, Mariam, John, Jacob, S., Umadevi K.
Conference Name2022 IEEE Conference on Dependable and Secure Computing (DSC)
Keywordsanomaly detection, Automata, finite state automata, gasoil heating loop, ICS Anomaly Detection, industrial control, industrial control systems, integrated circuits, Internet, power grids, pubcrawl, Real-time Systems, resilience, Resiliency, Scalability, secure water treatment testbed, Water heating
AbstractIndustrial Control Systems (ICS) are not secure by design-with recent developments requiring them to connect to the Internet, they tend to be highly vulnerable. Additionally, attacks on critical infrastructures such as power grids and nuclear plants can cause significant damage and loss of lives. Since such attacks tend to generate anomalies in the systems, an efficient way of attack detection is to monitor the systems and identify anomalies in real-time. An automated anomaly detection tool is introduced in this paper. Additionally, the functioning of the systems is viewed as Finite State Automata. Specific sensor measurements are used to determine permissible transitions, and statistical measures such as the Interquartile Range are used to determine acceptable boundaries for the remaining sensor measurements provided by the system. Deviations from the boundaries or permissible transitions are considered as anomalies. An additional feature is the provision of a finite state automata diagram that provides the operational constraints of a system, given a set of regulated input. This tool showed a high anomaly detection rate when tested with three types of ICS. The concepts are also benchmarked against a state-of-the-art anomaly detection algorithm called Isolation Forest, and the results are provided.
DOI10.1109/DSC54232.2022.9888891
Citation Keyvarkey_automated_2022