FME Transactions (Jan 2019)

Applying methods of machine learning in the task of intrusion detection based on the analysis of industrial process state and ICS networking

  • Sokolov Alexander N.,
  • Pyatnitsky Ilya A.,
  • Alabugin Sergei K.

Journal volume & issue
Vol. 47, no. 4
pp. 782 – 789

Abstract

Modern industrial control systems (ICS) are increasingly becoming targets of cyber attacks. Traditional security tools based on a signature approach are not always able to detect a new attack, the signature of which has not yet been described. In particular, this occurs during targeted attacks on industrial facilities. Cyber attacks can cause anomalies in the operation of an industrial control system and process equipment under its control. Therefore, to detect attacks, it is advisable to use an approach based on the detection of anomalies. A reasonable way to implement this approach is to use machine learning techniques. The paper deals with the most common methods of machine learning (decision tree algorithms, linear algorithms, support vector machine) and neural networks. To assess their applicability in the problem of detection of ICS anomalies, the Additional Tennessee Eastman Process Simulation Data for Anomaly Detection Evaluation and Gas Pipeline datasets were used.

Keywords