Detection of data injection attack in industrial control system using long short term memory recurrent neural network

In 2010, the outbreak of Stuxnet sounded a warning in the field of industrial control.security. As the major attack form of Stuxnet, data injection attack is characterized by high concealment and great destructiveness. This paper proposes a new method to detect data injection attack in Industrial Control Systems (ICS), in which Long Short Term Memory Recurrent Neural Network (LSTM-RNN) is a temporal sequences predictor. We then use the Euclidean detector to identify attacks in a model of a chemical plant. With simulation and evaluation in Tennessee Eastman (TE) process, we show that this method is able to detect various types of data injection attacks.

[1]  Guo-Ping Liu,et al.  Design and Implementation of Secure Networked Predictive Control Systems Under Deception Attacks , 2012, IEEE Transactions on Control Systems Technology.

[2]  Rafal Rohozinski,et al.  Stuxnet and the Future of Cyber War , 2011 .

[3]  Zhu Han,et al.  Coordinated data-injection attack and detection in the smart grid: A detailed look at enriching detection solutions , 2012, IEEE Signal Processing Magazine.

[4]  Guoping Liu,et al.  Secure networked control systems under data integrity attacks , 2010, Proceedings of the 29th Chinese Control Conference.

[5]  Fei Hu,et al.  Detection of Faults and Attacks Including False Data Injection Attack in Smart Grid Using Kalman Filter , 2014, IEEE Transactions on Control of Network Systems.

[6]  B. Brumback,et al.  A Chi-square test for fault-detection in Kalman filters , 1987 .

[7]  E. F. Vogel,et al.  A plant-wide industrial process control problem , 1993 .

[8]  Sun Dehui,et al.  False data injection attacks for output tracking control systems , 2015, 2015 34th Chinese Control Conference (CCC).

[9]  Rayford B. Vaughn,et al.  A Retrofit Network Intrusion Detection System for MODBUS RTU and ASCII Industrial Control Systems , 2012, 2012 45th Hawaii International Conference on System Sciences.

[10]  S. Shankar Sastry,et al.  Secure Control: Towards Survivable Cyber-Physical Systems , 2008, 2008 The 28th International Conference on Distributed Computing Systems Workshops.

[11]  Naixue Xiong,et al.  Design and Analysis of Multimodel-Based Anomaly Intrusion Detection Systems in Industrial Process Automation , 2015, IEEE Transactions on Systems, Man, and Cybernetics: Systems.

[12]  Sridhar Adepu,et al.  Anomaly Detection in Cyber Physical Systems Using Recurrent Neural Networks , 2017, 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE).

[13]  Sandro Etalle,et al.  N-Gram against the Machine: On the Feasibility of the N-Gram Network Analysis for Binary Protocols , 2012, RAID.

[14]  D. Massart,et al.  The Mahalanobis distance , 2000 .

[15]  Peng Ning,et al.  False data injection attacks against state estimation in electric power grids , 2009, CCS.

[16]  Zhu Han,et al.  Bad Data Injection Attack and Defense in Electricity Market Using Game Theory Study , 2012, IEEE Transactions on Smart Grid.