Rethinking the Operation Pattern for Anomaly Detection in Industrial Cyber–Physical Systems
Authors
Abstract
Anomaly detection has been proven to be an efficient way to detect malicious behaviour and cyberattacks in industrial cyber–physical systems (ICPSs). However, most models are not entirely adapted to the real world as they require intensive computational resources and labelled data and lack interpretability. This study investigated the traffic of a coal mine system and proposed improved features to describe its operation pattern. Based on these features, this work combined the basic deterministic finite automaton (DFA) and normal distribution (ND) to build an unsupervised anomaly model, which uses a hierarchical structure to pursue To demonstrate capability, the model was evaluated on seven simulated attack types and further compared with nine state-of-the-art works. The evaluation and comparison results show that the method achieved a 99% F1-score and is detecting sophisticated attacks. Furthermore, it achieved an average 17% increase in precision and 12% in F1-Score over previous works. These confirm the advantages of the method. This suggests that future works should investigate the pattern rather than pursuing complex algorithms.
Similar resources
Communication Pattern Monitoring: Improving the Utility of Anomaly Detection for Industrial Control Systems
Attacks on Industrial Control Systems (ICS) continue to grow in number and complexity, and well-crafted cyber attacks are aimed at both commodity and ICS-specific contexts. It has become imperative to create efficient ICS-specific defense mechanisms that complement traditional enterprise solutions. Most commercial solutions are not designed for ICS environments, rely only on pre-defined signatu...
Moving dispersion method for statistical anomaly detection in intrusion detection systems
A unified method for statistical anomaly detection in intrusion detection systems is theoretically introduced. It is based on estimating a dispersion measure of numerical or symbolic data on successive moving windows in time and finding the times when a relative change of the dispersion measure is significant. Appropriate dispersion measures, relative differences, moving windows, as well as tec...
Anomaly Detection for Industrial Big Data
As the Industrial Internet of Things (IIoT) grows, systems are increasingly being monitored by arrays of sensors returning time-series data at ever-increasing ‘volume, velocity and variety’ (i.e. Industrial Big Data). An obvious use for these data is real-time systems condition monitoring and prognostic time to failure analysis (remaining useful life, RUL). (e.g. See white papers by Senseye....
Beyond the Cloud: Cyberphysical Systems
Clouds offer a novel way to revitalize the seemingly archaic concept of time-sharing. Rather than relying on fixed mainframes, clouds thrive in the Internet. Clouds offer impressive efficiencies, unprecedented collaboration opportunities, and economies of scale for all manner of networked users. Yet cloud server farms have enormously costly power consumption footprints and require massive data...
Assessment Methodology for Anomaly-Based Intrusion Detection in Cloud Computing
Cloud computing has become an attractive target for attackers as the mainstream technologies in the cloud, such as the virtualization and multitenancy, permit multiple users to utilize the same physical resource, thereby posing the so-called problem of internal facing security. Moreover, the traditional network-based intrusion detection systems (IDSs) are ineffective to be deployed in the cloud...
Journal
Journal title: Applied sciences
Year: 2023
ISSN: ['2076-3417']
DOI: https://doi.org/10.3390/app13053244