Method for Determining the Optimal Number of Clusters for ICS Information Processes Analysis During Cyberattacks Based on Hierarchical Clustering

Title: Method for Determining the Optimal Number of Clusters for ICS Information Processes Analysis During Cyberattacks Based on Hierarchical Clustering
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Bukharev, Dmitriy A.; Ragozin, Andrey N.; Sokolov, Alexander N.
Conference Name: 2022 Ural-Siberian Conference on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT)
Keywords: anomaly detection, Computer crime, cyberattack, cyberattack classification, hierarchical clustering, ICS Anomaly Detection, industrial control, industrial control system, integrated circuits, Labeling, Measurement, Production management, pubcrawl, resilience, Resiliency, Scalability, Training
Abstract: The development of industrial automation tools and the integration of industrial and corporate networks in order to improve the quality of production management have led to an increase in the risks of successful cyberattacks and, as a result, to the necessity to solve the problems of practical information security of industrial control systems (ICS). Detection of cyberattacks of both known and unknown types could be implemented as anomaly detection in dynamic information processes recorded during the operation of ICS. Anomaly detection methods do not require preliminary analysis and labeling of the training sample. In the context of detecting attacks on ICS, cluster analysis is used as one of the methods that implement anomaly detection. The application of hierarchical cluster analysis for clustering data of ICS information processes exposed to various cyberattacks is studied, and the problem of choosing the level of the cluster hierarchy corresponding to the minimum set of clusters aggregating separately normal and abnormal data is solved. It is shown that the Ward method of hierarchical cluster division produces the best division into clusters. The next stage of the study involves solving the problem of classifying the formed minimum set of clusters, that is, determining which cluster is normal and which cluster is abnormal.
DOI: 10.1109/USBEREIT56278.2022.9923392
Citation Key: bukharev_method_2022