Hybrid Attack Detection Framework for Industrial Control Systems using 1D-Convolutional Neural Network and Isolation Forest

Title: Hybrid Attack Detection Framework for Industrial Control Systems using 1D-Convolutional Neural Network and Isolation Forest
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Elnour, M., Meskin, N., Khan, K. M.
Conference Name: 2020 IEEE Conference on Control Technology and Applications (CCTA)
Date Published: Aug. 2020
ISBN Number: 978-1-7281-7140-1
Keywords: 1D-CNN model, actuators, anomaly detection, Auto-Encoder (AE), control engineering computing, convolutional neural network (CNN), Convolutional Neural Network models, Data models, feature extraction, feature extraction model, Forestry, ICs, ICS Anomaly Detection, industrial control, industrial control system, Industrial Control System (ICS), industrial plants, Isolation Forest (IF), isolation forest-based detection model, learning (artificial intelligence), neural nets, process control, production engineering computing, pubcrawl, resilience, Resiliency, Scalability, secure water treatment, Sensors, SWaT testbed

Industrial control systems (ICSs) are used in various infrastructures and industrial plants for realizing their control operation and ensuring their safety. Concerns about the cybersecurity of industrial control systems have risen due to the increased number of cyber-attack incidents on critical infrastructures in the light of the advancement in the cyber activity of ICSs. Nevertheless, the operation of the industrial control systems is bound to vital aspects in life, which are safety, economy, and security. This paper presents a semi-supervised, hybrid attack detection approach for industrial control systems by combining Isolation Forest and Convolutional Neural Network (CNN) models. The proposed framework is developed using the normal operational data, and it is composed of a feature extraction model implemented using a One-Dimensional Convolutional Neural Network (1D-CNN) and an isolation forest model for the detection. The two models are trained independently such that the feature extraction model aims to extract useful features from the continuous-time signals that are then used along with the binary actuator signals to train the isolation forest-based detection model. The proposed approach is applied to a down-scaled industrial control system, which is a water treatment plant known as the Secure Water Treatment (SWaT) testbed. The performance of the proposed method is compared with the other works using the same testbed, and it shows an improvement in terms of the detection capability.

Citation Key: elnour_hybrid_2020