Anomaly Detection in ICS based on Data-history Analysis

Data of industrial control systems (ICS) are increasingly subject to cyber attacks, which should be detected by approaches such as anomaly detection before they can take effect. However, examples such as Stuxnet, Industroyer or Triton show that, despite all the precautions taken, it is still possible to overcome anomaly detection systems and cause damage. Similarly, damage can be caused by intentionally malicious or unintentional changes that employees make to the programming or configuration of ICS components. An example is an employee who unintentionally sets a machine's configuration to a higher temperature limit than it should have. The potential consequence would be that the machine overheats and breaks. The aim of the project MADISA (Machine Learning for Attack Detection Using Data of Industrial Control Systems) is to identify such anomalies in the data of ICS by examining the datasets and creating a machine learning system (MLS) based on heuristics over metadata, configurations and code content. For this purpose, this poster provides a structured analysis of real-world projects from a German automobile manufacturer, which leads to first attributes in this unexplored approach for creating heuristics for anomaly detection on historic data in ICS.
