Design and Analysis of Multimodel-Based Anomaly Intrusion Detection Systems in Industrial Process Automation

Industrial process automation is making increasing use of information and communication technologies because of their high flexibility, interoperability, and ease of administration. This, however, also introduces new security risks to existing and future systems. Intrusion detection is a key technology for security protection, but traditional intrusion detection systems from the IT domain are not entirely suitable for industrial process automation. In this paper, multiple models are constructed by comprehensively analyzing the multidomain knowledge of the field control layer in industrial process automation, considering two aspects: physics and information. A novel multimodel-based anomaly intrusion detection system with embedded intelligence and resilient coordination is then designed for the field control system in industrial process automation. Within the system, a multimodel-based anomaly detection scheme is proposed and the corresponding intelligent detection algorithms are designed. Furthermore, to overcome the disadvantages of anomaly detection, a classifier based on an intelligent hidden Markov model is designed to differentiate actual attacks from faults. Finally, on a combined simulation platform built with the optimized performance network engineering tool, the detection accuracy and real-time performance of the proposed intrusion detection system are analyzed in detail. Experimental results clearly demonstrate that the proposed system performs well in terms of high precision and good real-time capability.
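To make the two-layer idea concrete, here is an added illustration (not the paper's code): a physics-model check and an information-model check each raise a per-cycle anomaly flag, the pair is encoded as one observation symbol, and a two-state hidden Markov model labels the symbol sequence as FAULT or ATTACK. The tank model, whitelist, thresholds, transition/emission probabilities and the two traces are all constructed assumptions for this example.

```python
# Added example: multimodel (physics + information) anomaly detection with a
# two-state HMM that separates faults from attacks. All values are assumed.

# Physics model (assumed): first-order tank level driven by the commanded valve
# position; a residual beyond `tol` is a physics-channel anomaly.
def physics_anomaly(level_prev, valve_cmd, level_meas, k=0.8, tol=0.5):
    expected = level_prev + k * (valve_cmd - 0.5)
    return abs(level_meas - expected) > tol

# Information model (assumed): commands must come from the whitelisted master
# and stay under the engineering command-rate limit.
def info_anomaly(src, cmd_per_sec, master="10.0.0.1", max_rate=2.0):
    return src != master or cmd_per_sec > max_rate

# Observation symbol per control cycle: 0 normal, 1 physics-only,
# 2 information-only, 3 both channels anomalous.
def symbol(phys, info):
    return int(phys) + 2 * int(info)

# Hidden states: 0 = FAULT, 1 = ATTACK. Assumed rationale: a component fault
# shows mainly in the physics channel, an injected command disturbs both.
START = [0.5, 0.5]
TRANS = [[0.9, 0.1], [0.1, 0.9]]
EMIT = [[0.30, 0.60, 0.05, 0.05],   # FAULT emits symbols 0..3
        [0.10, 0.20, 0.30, 0.40]]   # ATTACK emits symbols 0..3

def classify(symbols):
    """Scaled forward algorithm; returns (label, P(ATTACK | symbols))."""
    f = [START[s] * EMIT[s][symbols[0]] for s in (0, 1)]
    for o in symbols[1:]:
        f = [EMIT[s][o] * sum(f[p] * TRANS[p][s] for p in (0, 1)) for s in (0, 1)]
        z = sum(f)
        f = [x / z for x in f]          # rescale each step to avoid underflow
    p_attack = f[1] / sum(f)
    return ("ATTACK" if p_attack > 0.5 else "FAULT"), p_attack

def run(cycles):
    """cycles: list of (level_prev, valve_cmd, level_meas, src, cmd_per_sec)."""
    syms = [symbol(physics_anomaly(lp, v, lm), info_anomaly(src, r))
            for lp, v, lm, src, r in cycles]
    return classify(syms)

# Constructed traces: a drifting level sensor (legitimate master, normal rate)
# versus commands from an unlisted host at a high rate with a level deviation.
FAULT_TRACE = [(5.0, 0.5, 6.0, "10.0.0.1", 1.0)] * 3
ATTACK_TRACE = [(5.0, 0.5, 6.5, "10.0.0.99", 5.0)] * 3

if __name__ == "__main__":
    print(run(FAULT_TRACE), run(ATTACK_TRACE))
```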
