论文信息 - Detecting anomalous behavior of PLC using semi-supervised machine learning

Detecting anomalous behavior of PLC using semi-supervised machine learning

Industrial Control System (ICS) is used to monitor and control critical infrastructures. Programmable logic controllers (PLCs) are major components of ICS, which are used to form automation system. It is important to protect PLCs from any attacks and undesired incidents. However, it is not easy to apply traditional tools and techniques to PLCs for security protection and forensics because of its unique architectures. Semi-supervised machine learning algorithm, One-class Support Vector Machine (OCSVM), has been applied successfully to many anomaly detection problems. This paper proposes a novel methodology to detect anomalous events of PLC by using OCSVM. The methodology was applied to a simulated traffic light control system to illustrate its effectiveness and accuracy. Our results show that high accuracy of identification of anomalous PLC operations is obtained which can help investigators to perform PLC forensics efficiently and effectively.

[1] William Bolton. 1 – Programmable logic controllers , 2006 .

[2] Jamie L. Godwin,et al. Classification and Detection of Electrical Control System Faults Through Scada Data Analysis , 2013 .

[3] Salvatore J. Stolfo,et al. One Class Support Vector Machines for Detecting Anomalous Windows Registry Accesses , 2003 .

[4] Frank D. Petruzella,et al. Programmable Logic Controllers , 1989 .

[5] Ken Yau. PLC Forensics Based on Control Program Logic Change Detection , 2019 .

[6] Tina Wu,et al. Exploring The Use Of PLC Debugging Tools For Digital Forensic Investigations On SCADA Systems , 2015, J. Digit. Forensics Secur. Law.

[7] K. P. Chow,et al. Detecting Anomalous Programmable Logic Controller Events Using Machine Learning , 2017, IFIP Int. Conf. Digital Forensics.

[8] Karen A. Scarfone,et al. Guide to Industrial Control Systems (ICS) Security , 2015 .