A Machine Learning Approach for Anomaly Detection in Industrial Control Systems Based on Measurement Data
Attack detection problems in industrial control systems (ICSs) are commonly known as a network traffic monitoring scheme for detecting abnormal activities. However, a network-based intrusion detection system can be deceived by attackers that imitate the system’s normal activity. In this work, we pro...
Published in: | Electronics (Basel) 2021, Vol.10 (4), p.407 |
---|---|
Main authors: | Mokhtari, Sohrab; Abbaspour, Alireza; Yen, Kang K.; Sargolzaei, Arman |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | |
---|---|
container_issue | 4 |
container_start_page | 407 |
container_title | Electronics (Basel) |
container_volume | 10 |
creator | Mokhtari, Sohrab; Abbaspour, Alireza; Yen, Kang K.; Sargolzaei, Arman |
description | Attack detection problems in industrial control systems (ICSs) are commonly known as a network traffic monitoring scheme for detecting abnormal activities. However, a network-based intrusion detection system can be deceived by attackers that imitate the system’s normal activity. In this work, we proposed a novel solution to this problem based on measurement data in the supervisory control and data acquisition (SCADA) system. The proposed approach is called measurement intrusion detection system (MIDS), which enables the system to detect any abnormal activity in the system even if the attacker tries to conceal it in the system’s control layer. A supervised machine learning model is generated to classify normal and abnormal activities in an ICS to evaluate the MIDS performance. A hardware-in-the-loop (HIL) testbed is developed to simulate the power generation units and exploit the attack dataset. In the proposed approach, we applied several machine learning models on the dataset, which show remarkable performances in detecting the dataset’s anomalies, especially stealthy attacks. The results show that the random forest is performing better than other classifier algorithms in detecting anomalies based on measured data in the testbed. |
doi_str_mv | 10.3390/electronics10040407 |
format | Article |
fulltext | fulltext |
identifier | ISSN: 2079-9292 |
ispartof | Electronics (Basel), 2021, Vol.10 (4), p.407 |
issn | 2079-9292 2079-9292 |
language | eng |
recordid | cdi_proquest_journals_2489050808 |
source | MDPI - Multidisciplinary Digital Publishing Institute; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals |
subjects | Algorithms; Anomalies; Automation; Communication; Communications networks; Communications traffic; Control systems; Data encryption; Datasets; Distributed control systems; Electric power generation; Hardware-in-the-loop simulation; Industrial electronics; Infrastructure; Intrusion detection systems; Machine learning; Network security; Performance evaluation; Power plants; Supervisory control and data acquisition; Virtual private networks |
title | A Machine Learning Approach for Anomaly Detection in Industrial Control Systems Based on Measurement Data |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-05T06%3A38%3A10IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Machine%20Learning%20Approach%20for%20Anomaly%20Detection%20in%20Industrial%20Control%20Systems%20Based%20on%20Measurement%20Data&rft.jtitle=Electronics%20(Basel)&rft.au=Mokhtari,%20Sohrab&rft.date=2021&rft.volume=10&rft.issue=4&rft.spage=407&rft.pages=407-&rft.issn=2079-9292&rft.eissn=2079-9292&rft_id=info:doi/10.3390/electronics10040407&rft_dat=%3Cproquest_cross%3E2489050808%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2489050808&rft_id=info:pmid/&rfr_iscdi=true |