Tracing and detection of ICS Anomalies Based on Causality Mutations

Title: Tracing and detection of ICS Anomalies Based on Causality Mutations
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Zhang, R., Cao, Z., Wu, K.
Conference Name: 2020 IEEE 5th Information Technology and Mechatronics Engineering Conference (ITOEC)
Date Published: June 2020
ISBN Number: 978-1-7281-4323-1
Keywords: anomaly detection, anomaly detection algorithm, anomaly location strategy, anomaly node, anomaly source traceable, causal anomaly detection, causal modeling algorithm, causal network, causality mining algorithm, causality modeling, causality mutations, comparison algorithm, control engineering computing, Correlation, data mining, Entropy, ICS anomalies, ICS Anomaly Detection, industrial control, industrial control physics, industrial control system, information entropy, Microwave integrated circuits, production engineering computing, pubcrawl, resilience, Resiliency, Scalability, security of data, traceability of anomaly

An algorithm for causal anomaly detection in industrial control physics is proposed to determine the normal cloud line of an industrial control system so as to accurately detect anomalies. In this paper, a causal modeling algorithm combining the Maximum Information Coefficient and Transfer Entropy was used to construct the causal network among nodes in the system. Then, the abnormal nodes and the propagation path of the anomaly are deduced from the structural changes of the causal network before and after the attack. Finally, an anomaly detection algorithm based on hybrid differential cumulative is used to identify the specific anomaly data in the anomaly node. The stability of the causality mining algorithm and the validity of locating causality anomalies are verified using data from a classical chemical process. Experimental results show that the anomaly detection algorithm is better than the comparison algorithm in accuracy, false negative rate and recall rate, and that the anomaly location strategy makes the anomaly source traceable.

Citation Key: zhang_tracing_2020