An improved content-based outlier detection method for ICS intrusion detection-Reference-Cited by-同舟云学术

An improved content-based outlier detection method for ICS intrusion detection

Published:2020-05-18 Issue:1 Volume:2020 Page:
ISSN:1687-1499
Container-title:EURASIP Journal on Wireless Communications and Networking
language:en
Short-container-title:J Wireless Com Network

Author:

Li Huiping,Wang Bin^ORCID,Xie Xin

Abstract

AbstractDue to the complexity of industrial control systems and the diversity of protocols in networks, it is difficult to build intrusion detection models based on network characteristics and physical modeling. In order to build a better flow model without additional knowledge, we propose an intrusion detection method based on the content of network packets. The construction of the model is based on the idea of ZOE method. The similarity between flows is calculated through the sequential coverage algorithm, the normal flow model is established by multi-layered clustering algorithm, and the Count-Mean-Min Sketch is used to store and count the flow model. By comparing the unknown flow with the constructed normal flow model, we achieve the intrusion detection of industrial control system (ICS). The overall experimental results on 4 ICS datasets show that the improved method can effectively improve the detection rate and reduce the false-positive rate. The detection rate reached 96.7% on average, and the false-positive rate reached 0.7% on average.

Publisher

Springer Science and Business Media LLC

Subject

Computer Networks and Communications,Computer Science Applications,Signal Processing

Link

https://link.springer.com/content/pdf/10.1186/s13638-020-01718-0.pdf

Reference45 articles.

1. D. Serpanos, Secure and resilient industrial control systems. IEEE Des. Test. 35(1), 90–94 (2018).

2. J. -P. Auffret, J. L. Snowdon, A. Stavrou, J. S. Katz, D. Kelley, R. S. Rahman, F. Stein, L. Sokol, P. Allor, P. Warweg, Cybersecurity leadership: competencies, governance and technologies for industrial control systems. J. Interconnection Netw.17(1) (2017).

3. Y. Hu, H. Li, H. Yang, Y. Sun, L. Sun, Z. Wang, Detecting stealthy attacks against industrial control systems based on residual skewness analysis. EURASIP J. Wirel. Commun. Netw.1(1) (2019).

4. K. Paridari, N. O’Mahony, A. E. -D. Mady, R. Chabukswar, M. Boubekeur, H. Sandberg, A framework for at-tack-resilient industrial control systems: attack detection and controller reconfiguration. Proc. IEEE. 106(1), 113–128 (2018).

5. M. Chung, W. Ahn, B. Min, J. Seo, J. Moon, An analytical method for developing appropriate protection profile of instrumentation & control system for nuclear power plants. J. Supercomput.74(3), 1378–1393 (2018).

Cited by 8 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Protocol study and anomaly detection for server-driven traffic in SCADA networks;International Journal of Critical Infrastructure Protection;2023-09

2. Anomaly-based Intrusion Detection System for ICS;2023 14th International Conference on Computing Communication and Networking Technologies (ICCCNT);2023-07-06

3. PREE: Heuristic builder for reverse engineering of network protocols in industrial control systems;Forensic Science International: Digital Investigation;2023-07

4. Relationship between lean manufacturing tools and their sustainable economic benefits;The International Journal of Advanced Manufacturing Technology;2022-10-12

5. Machinery Lean Manufacturing Tools for Improved Sustainability: The Mexican Maquiladora Industry Experience;Mathematics;2022-04-27