IDEAS home Printed from https://ideas.repec.org/a/eee/ijocip/v24y2019icp48-68.html
   My bibliography  Save this article

On the practical integration of anomaly detection techniques in industrial control applications

Author

Listed:
  • Haller, Piroska
  • Genge, Béla
  • Duka, Adrian-Vasile

Abstract

Despite significant advances made on anomaly detection systems, few reports are found documenting their practical integration into the industrial realm. Furthermore, the literature reports a wide range of complex detection strategies, which may require hardware changes/updates in order to be supported by critical industrial equipment such as industrial controllers (e.g., Programmable Logic Controllers). To address these issues, this paper documents a systematic methodology for the practical integration of lightweight anomaly detection algorithms into industrial control applications. It shows that industrial controllers, and in particular the scheduling rate of user programs, are sensitive to network traffic-based disturbances. Therefore, the methodology embraces the task scheduling rates found in control applications, and their deviation from the “normal” behavior. It designs a “monitoring” task, and an innovative algorithm for detecting abnormal task scheduling rates by leveraging the cumulative sum model (CUSUM) and a regression strategy applied on a specific time interval. Essentially, the approach enhances the industrial controller with a “security module” that can trigger alerts to identify early cyber attacks. The approach is extensively analyzed in the context of two industrial controllers: a Phoenix Contact ILC 350-PN controller, and a Siemens SIMATIC S7-1200 Programmable controller.

Suggested Citation

  • Haller, Piroska & Genge, Béla & Duka, Adrian-Vasile, 2019. "On the practical integration of anomaly detection techniques in industrial control applications," International Journal of Critical Infrastructure Protection, Elsevier, vol. 24(C), pages 48-68.
    • Handle: RePEc:eee:ijocip:v:24:y:2019:i:c:p:48-68
    DOI: 10.1016/j.ijcip.2018.10.008
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1874548218301021
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ijcip.2018.10.008?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Barbosa, Rafael Ramos Regis & Sadre, Ramin & Pras, Aiko, 2016. "Exploiting traffic periodicity in industrial control networks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 13(C), pages 52-62.
    2. Jie, Xinchun & Wang, Haikuan & Fei, Minrui & Du, Dajun & Sun, Qing & Yang, T.C., 2018. "Anomaly behavior detection and reliability assessment of control systems based on association rules," International Journal of Critical Infrastructure Protection, Elsevier, vol. 22(C), pages 90-99.
    3. Giani, Annarita & Bent, Russell & Pan, Feng, 2014. "Phasor measurement unit selection for unobservable electric power data integrity attack detection," International Journal of Critical Infrastructure Protection, Elsevier, vol. 7(3), pages 155-164.
    4. Khalili, Abdullah & Sami, Ashkan & Khozaei, Amin & Pouresmaeeli, Saber, 2018. "SIDS: State-based intrusion detection for stage-based cyber physical systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 22(C), pages 113-124.
    5. Barbosa, Rafael Ramos Regis & Sadre, Ramin & Pras, Aiko, 2013. "Flow whitelisting in SCADA networks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 6(3), pages 150-158.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Raman MR, Gauthama & Somu, Nivethitha & Mathur, A.P., 2020. "A multilayer perceptron model for anomaly detection in water treatment plants," International Journal of Critical Infrastructure Protection, Elsevier, vol. 31(C).
    2. Chen, Yinuo & Tian, Zhigang & He, Rui & Wang, Yifei & Xie, Shuyi, 2023. "Discovery of potential risks for the gas transmission station using monitoring data and the OOBN method," Reliability Engineering and System Safety, Elsevier, vol. 232(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Monzer, Mohamad-Houssein & Beydoun, Kamal & Ghaith, Alaa & Flaus, Jean-Marie, 2022. "Model-based IDS design for ICSs," Reliability Engineering and System Safety, Elsevier, vol. 225(C).
    2. Li, Lei & Wang, Wenting & Ma, Qiang & Pan, Kunpeng & Liu, Xin & Lin, Lin & Li, Jian, 2021. "Cyber attack estimation and detection for cyber-physical power systems," Applied Mathematics and Computation, Elsevier, vol. 400(C).
    3. Farsi, Hamed & Fanian, Ali & Taghiyarrenani, Zahra, 2019. "A novel online state-based anomaly detection system for process control networks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 27(C).
    4. Meng Xia & Dajun Du & Minrui Fei & Xue Li & Taicheng Yang, 2020. "A Novel Sparse Attack Vector Construction Method for False Data Injection in Smart Grids," Energies, MDPI, vol. 13(11), pages 1-19, June.
    5. Fatima Salahdine & Naima Kaabouch, 2019. "Social Engineering Attacks: A Survey," Future Internet, MDPI, vol. 11(4), pages 1-17, April.
    6. Reda, Haftu Tasew & Anwar, Adnan & Mahmood, Abdun, 2022. "Comprehensive survey and taxonomies of false data injection attacks in smart grids: attack models, targets, and impacts," Renewable and Sustainable Energy Reviews, Elsevier, vol. 163(C).
    7. Genge, Béla & Kiss, István & Haller, Piroska, 2015. "A system dynamics approach for assessing the impact of cyber attacks on critical infrastructures," International Journal of Critical Infrastructure Protection, Elsevier, vol. 10(C), pages 3-17.
    8. SICARD, Franck & ZAMAI, Éric & FLAUS, Jean-Marie, 2019. "An approach based on behavioral models and critical states distance notion for improving cybersecurity of industrial control systems," Reliability Engineering and System Safety, Elsevier, vol. 188(C), pages 584-603.
    9. Genge, Béla & Graur, Flavius & Haller, Piroska, 2015. "Experimental assessment of network design approaches for protecting industrial control systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 11(C), pages 24-38.
    10. Jarmakiewicz, Jacek & Parobczak, Krzysztof & Maślanka, Krzysztof, 2017. "Cybersecurity protection for power grid control infrastructures," International Journal of Critical Infrastructure Protection, Elsevier, vol. 18(C), pages 20-33.
    11. Choubineh, Abouzar & Wood, David A. & Choubineh, Zahak, 2020. "Applying separately cost-sensitive learning and Fisher's discriminant analysis to address the class imbalance problem: A case study involving a virtual gas pipeline SCADA system," International Journal of Critical Infrastructure Protection, Elsevier, vol. 29(C).
    12. Genge, Béla & Haller, Piroska & Kiss, István, 2016. "A framework for designing resilient distributed intrusion detection systems for critical infrastructures," International Journal of Critical Infrastructure Protection, Elsevier, vol. 15(C), pages 3-11.
    13. Luca Foschini & Valentina Mignardi & Rebecca Montanari & Domenico Scotece, 2021. "An SDN-Enabled Architecture for IT/OT Converged Networks: A Proposal and Qualitative Analysis under DDoS Attacks," Future Internet, MDPI, vol. 13(10), pages 1-19, October.
    14. Lin, Chih-Yuan & Nadjm-Tehrani, Simin, 2023. "Protocol study and anomaly detection for server-driven traffic in SCADA networks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 42(C).
    15. Etxezarreta, Xabier & Garitano, Iñaki & Iturbe, Mikel & Zurutuza, Urko, 2023. "Software-Defined Networking approaches for intrusion response in Industrial Control Systems: A survey," International Journal of Critical Infrastructure Protection, Elsevier, vol. 42(C).
    16. Wang, Wu & Harrou, Fouzi & Bouyeddou, Benamar & Senouci, Sidi-Mohammed & Sun, Ying, 2022. "Cyber-attacks detection in industrial systems using artificial intelligence-driven methods," International Journal of Critical Infrastructure Protection, Elsevier, vol. 38(C).

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijocip:v:24:y:2019:i:c:p:48-68. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-critical-infrastructure-protection .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.