Applying methods of machine learning in the task of intrusion detection based on the analysis of industrial process state and ICS networking
Modern industrial control systems (ICS) are increasingly becoming targets of cyber attacks. Traditional security tools based on a signature approach are not always able to detect a new attack, the signature of which has not yet been described. In particular, this occurs during targeted attacks on in...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
University of Belgrade - Faculty of Mechanical Engineering, Belgrade
2019-01-01
|
| Series: | FME Transactions |
| Subjects: | |
| Online Access: | https://scindeks-clanci.ceon.rs/data/pdf/1451-2092/2019/1451-20921904782S.pdf |
| _version_ | 1819043716441047040 |
|---|---|
| author | Sokolov Alexander N. Pyatnitsky Ilya A. Alabugin Sergei K. |
| author_facet | Sokolov Alexander N. Pyatnitsky Ilya A. Alabugin Sergei K. |
| author_sort | Sokolov Alexander N. |
| collection | DOAJ |
| description | Modern industrial control systems (ICS) are increasingly becoming targets of cyber attacks. Traditional security tools based on a signature approach are not always able to detect a new attack, the signature of which has not yet been described. In particular, this occurs during targeted attacks on industrial facilities. Cyber attacks can cause anomalies in the operation of an industrial control system and process equipment under its control. Therefore, to detect attacks, it is advisable to use an approach based on the detection of anomalies. A reasonable way to implement this approach is to use machine learning techniques. The paper deals with the most common methods of machine learning (decision tree algorithms, linear algorithms, support vector machine) and neural networks. To assess their applicability in the problem of detection of ICS anomalies, the Additional Tennessee Eastman Process Simulation Data for Anomaly Detection Evaluation and Gas Pipeline datasets were used. |
| first_indexed | 2024-12-21T10:01:12Z |
| format | Article |
| id | doaj.art-5c8366afde70410b8bb8b3cb8a991c7e |
| institution | Directory Open Access Journal |
| issn | 1451-2092 2406-128X |
| language | English |
| last_indexed | 2024-12-21T10:01:12Z |
| publishDate | 2019-01-01 |
| publisher | University of Belgrade - Faculty of Mechanical Engineering, Belgrade |
| record_format | Article |
| series | FME Transactions |
| spelling | doaj.art-5c8366afde70410b8bb8b3cb8a991c7e2022-12-21T19:07:57ZengUniversity of Belgrade - Faculty of Mechanical Engineering, BelgradeFME Transactions1451-20922406-128X2019-01-014747827891451-20921904782SApplying methods of machine learning in the task of intrusion detection based on the analysis of industrial process state and ICS networkingSokolov Alexander N.0Pyatnitsky Ilya A.1Alabugin Sergei K.2South Ural State University, School of Electrical Engineering and Computer Science, Information Security Department, Chelyabinsk, RussiaSouth Ural State University, School of Electrical Engineering and Computer Science, Information Security Department, Chelyabinsk, RussiaSouth Ural State University, School of Electrical Engineering and Computer Science, Information Security Department, Chelyabinsk, RussiaModern industrial control systems (ICS) are increasingly becoming targets of cyber attacks. Traditional security tools based on a signature approach are not always able to detect a new attack, the signature of which has not yet been described. In particular, this occurs during targeted attacks on industrial facilities. Cyber attacks can cause anomalies in the operation of an industrial control system and process equipment under its control. Therefore, to detect attacks, it is advisable to use an approach based on the detection of anomalies. A reasonable way to implement this approach is to use machine learning techniques. The paper deals with the most common methods of machine learning (decision tree algorithms, linear algorithms, support vector machine) and neural networks. To assess their applicability in the problem of detection of ICS anomalies, the Additional Tennessee Eastman Process Simulation Data for Anomaly Detection Evaluation and Gas Pipeline datasets were used.https://scindeks-clanci.ceon.rs/data/pdf/1451-2092/2019/1451-20921904782S.pdfics securityintrusion detectionmachine learningneural networksanomaly detection |
| spellingShingle | Sokolov Alexander N. Pyatnitsky Ilya A. Alabugin Sergei K. Applying methods of machine learning in the task of intrusion detection based on the analysis of industrial process state and ICS networking FME Transactions ics security intrusion detection machine learning neural networks anomaly detection |
| title | Applying methods of machine learning in the task of intrusion detection based on the analysis of industrial process state and ICS networking |
| title_full | Applying methods of machine learning in the task of intrusion detection based on the analysis of industrial process state and ICS networking |
| title_fullStr | Applying methods of machine learning in the task of intrusion detection based on the analysis of industrial process state and ICS networking |
| title_full_unstemmed | Applying methods of machine learning in the task of intrusion detection based on the analysis of industrial process state and ICS networking |
| title_short | Applying methods of machine learning in the task of intrusion detection based on the analysis of industrial process state and ICS networking |
| title_sort | applying methods of machine learning in the task of intrusion detection based on the analysis of industrial process state and ics networking |
| topic | ics security intrusion detection machine learning neural networks anomaly detection |
| url | https://scindeks-clanci.ceon.rs/data/pdf/1451-2092/2019/1451-20921904782S.pdf |
| work_keys_str_mv | AT sokolovalexandern applyingmethodsofmachinelearninginthetaskofintrusiondetectionbasedontheanalysisofindustrialprocessstateandicsnetworking AT pyatnitskyilyaa applyingmethodsofmachinelearninginthetaskofintrusiondetectionbasedontheanalysisofindustrialprocessstateandicsnetworking AT alabuginsergeik applyingmethodsofmachinelearninginthetaskofintrusiondetectionbasedontheanalysisofindustrialprocessstateandicsnetworking |