Anomaly detection methods for detecting cyber attacks in industrial control systems

Thesis: S.M., Massachusetts Institute of Technology, Sloan School of Management, Operations Research Center, September, 2020

Bibliographic Details
Main Author: Liu, Jessamyn.
Other Authors: Retsef Levi
Format: Thesis
Language: eng
Published: Massachusetts Institute of Technology 2021
Subjects: Operations Research Center.
Online Access: https://hdl.handle.net/1721.1/129055
Abstract:

Industrial control systems (ICS) are pervasive in modern society and increasingly under threat of cyber attack. Due to the critical nature of these systems, which govern everything from power and wastewater plants to refineries and manufacturing, a successful ICS cyber attack can result in serious physical consequences. This thesis evaluates multiple anomaly detection methods to quickly and accurately detect ICS cyber attacks. Two fundamental challenges in developing ICS cyber attack detection methods are the lack of historical attack data and the ability of attackers to make their malicious activity appear normal. The goal of this thesis is to develop methods which generalize well to anomalies that are not included in the training data and to increase the sensitivity of detection methods without increasing the false alarm rate. The thesis presents and analyzes a baseline detection method, the multivariate Shewhart control chart, and four extensions to the Shewhart chart which use machine learning or optimization methods to improve detection performance. Two of these methods, stationary subspace analysis and maximized ratio divergence analysis, are based on dimensionality reduction techniques, and an additional model-based method is implemented using residuals from LASSO regression models.

The thesis also develops an ensemble method which uses an optimization formulation to combine the output of multiple models in a way that minimizes detection delay. When evaluated on 380 samples from the Kaspersky Tennessee Eastman process dataset, a simulated chemical process that includes disruptions from cyber attacks, the ensemble method reduced detection delay on attack data by 12% (55 minutes) on average when compared to the baseline method and was 9% (42 minutes) faster on average than the method which performed best on training data.

Notes: Cataloged from PDF version of thesis. Includes bibliographical references (pages 119-123). 123 pages, application/pdf.
Rights: MIT theses may be protected by copyright. Please reuse MIT thesis content according to the MIT Libraries Permissions Policy, available at http://dspace.mit.edu/handle/1721.1/7582