Industrial Control Networks (ICN) such as Supervisory Control and Data Acquisition (SCADA) systems are widely used in industry for monitoring and controlling physical processes. These industries include power generation and supply, gas and oil production and delivery, water and waste management, and telecommunication and transport facilities. Integration with the internet exposes these systems to cyber threats, and the consequences of a compromised ICN are decisive for a country's economic and functional sustainability. Enforcing security and ensuring correct operation has therefore become one of the biggest concerns for Industrial Control Systems (ICS) and needs to be addressed. In this paper, we propose an anomaly detection approach for ICN based on the physical properties of the system. We have developed an operational baseline of the electricity generation process and reduced the feature set using greedy and genetic feature selection algorithms. Classification is done with Support Vector Machine (SVM), k-Nearest Neighbor (k-NN), and C4.5 decision tree classifiers, with the help of inter-arrival curves. The results show that the proposed approach detects anomalies with a high degree of accuracy. In addition, they show that SVM and C4.5 produce accurate results even for high-sensitivity attacks when used with the inter-arrival curves, whereas k-NN is unable to produce good results for the low- and medium-sensitivity attack test cases.
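The pipeline the abstract sketches (an operational baseline learned from normal process telemetry, greedy feature selection, and a k-NN classifier) can be illustrated end to end on constructed data. The block below is an added example and is not the paper's code: the generator telemetry, the nominal values, the injected deviations and the `interarrival_ms` feature (a stand-in for the timing information the paper derives from inter-arrival curves) are all assumptions, the genetic selector and the SVM/C4.5 classifiers are not implemented, and the greedy selector here is plain forward selection on validation accuracy.

```python
"""Added example: baseline + greedy feature selection + k-NN on constructed process telemetry."""
import random
from statistics import mean, pstdev

# Hypothetical measurement names; the paper's actual feature set is not given in the abstract.
FEATURES = ["frequency_hz", "voltage_kv", "load_mw", "interarrival_ms", "ambient_c"]


def make_samples(n, anomalous, rng):
    """Constructed telemetry for a hypothetical generator: nominal values with small jitter."""
    rows = []
    for _ in range(n):
        row = {
            "frequency_hz": rng.gauss(50.0, 0.02),
            "voltage_kv": rng.gauss(400.0, 1.0),
            "load_mw": rng.gauss(300.0, 5.0),
            "interarrival_ms": rng.gauss(100.0, 2.0),  # spacing between consecutive readings
            "ambient_c": rng.gauss(20.0, 3.0),         # deliberately uninformative feature
        }
        if anomalous:
            # Assumed anomaly: frequency pushed off nominal and readings arriving late.
            row["frequency_hz"] += rng.choice((-1, 1)) * rng.uniform(0.15, 0.4)
            row["interarrival_ms"] += rng.uniform(20.0, 60.0)
        rows.append((row, "anomaly" if anomalous else "normal"))
    return rows


def build_baseline(normal_rows):
    """Operational baseline: per-feature mean and standard deviation from normal operation only."""
    baseline = {}
    for f in FEATURES:
        values = [row[f] for row, _ in normal_rows]
        sd = pstdev(values)
        baseline[f] = (mean(values), sd if sd > 0 else 1.0)
    return baseline


def zscore(row, baseline, features):
    """Express a reading as deviations from the baseline, so features are comparable."""
    return [(row[f] - baseline[f][0]) / baseline[f][1] for f in features]


def knn_predict(train, baseline, features, row, k=3):
    """Plain k-NN vote over baseline-normalised features (squared Euclidean distance)."""
    q = zscore(row, baseline, features)
    scored = []
    for trow, label in train:
        v = zscore(trow, baseline, features)
        scored.append((sum((a - b) ** 2 for a, b in zip(q, v)), label))
    scored.sort(key=lambda t: t[0])
    votes = [label for _, label in scored[:k]]
    return max(set(votes), key=votes.count)


def accuracy(train, baseline, features, data):
    hits = sum(knn_predict(train, baseline, features, row) == label for row, label in data)
    return hits / len(data)


def greedy_forward_select(train, valid, baseline):
    """Greedy forward selection: add the feature that most raises validation accuracy; stop when none does."""
    selected, best = [], 0.0
    remaining = list(FEATURES)
    while remaining:
        trial = [(accuracy(train, baseline, selected + [f], valid), f) for f in remaining]
        score, f = max(trial, key=lambda t: t[0])  # ties resolve to the earliest feature
        if score <= best:
            break
        selected.append(f)
        remaining.remove(f)
        best = score
    return selected, best


def run(seed=7):
    """Build the baseline from normal data, select features, and score a held-out test set."""
    rng = random.Random(seed)
    normal = make_samples(60, False, rng)
    attack = make_samples(20, True, rng)
    train = normal[:30] + attack[:8]
    valid = normal[30:45] + attack[8:14]
    test = normal[45:] + attack[14:]
    baseline = build_baseline(normal[:30])  # baseline must only see normal operation
    selected, valid_acc = greedy_forward_select(train, valid, baseline)
    test_acc = accuracy(train, baseline, selected, test)
    return {"selected": selected, "valid_acc": valid_acc, "test_acc": test_acc,
            "baseline": baseline, "train": train}


if __name__ == "__main__":
    result = run()
    print("selected features:", result["selected"])
    print("validation accuracy: %.2f  test accuracy: %.2f" % (result["valid_acc"], result["test_acc"]))
```

The baseline is deliberately fitted on normal rows only, which is what lets deviations stand out as large z-scores; fitting it on a mixture that already contains attack traffic would shift the means and widen the standard deviations, masking exactly the behaviour the detector is meant to flag. The `ambient_c` column is there to show the selector discarding a feature that carries no signal.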