University of Twente Student Theses
Learning Timed Mealy Machines of the Physical Processes of an Industrial Control System for Anomaly-based Attack Detection
Brouwer, R (2020) Learning Timed Mealy Machines of the Physical Processes of an Industrial Control System for Anomaly-based Attack Detection.
|
PDF
2MB |
| Abstract: | As Industrial Control Systems (ICS) are turning into automated and highly integrated systems, a closer link between the cyber world and the physical processes is created. Consequently, these critical systems are becoming more prone to cyber attacks. To prevent such systems of becoming unavailable or compromised due to an attack, we propose a method to monitor the physical process and to detect anomalous behaviour. We do this by defining an approach to automatically identify behaviour models of an ICS. Using a machine learning algorithm, state machines are inferred from time series data of sensors and actuators. The normal behaviour of these devices is modelled as Timed Mealy machines, identifying one per subprocess. The results show an efficient way of identifying the models without needing any expert knowledge of an ICS. By using the models as a classifier, the results show a good performance of detecting anomalous behaviour caused by attacks. For testing and validating our approach we use data from the SWaT testbed, i.e. a Secure Water Treatment testbed which is a scaled down representation of a water treatment plant. Out of 36 attack scenarios that were launched on the testbed, our approach detected 28 attacks correctly. The final precision rate shows us that of all the triggered alarms, around 85 percent is relevant. The final attack detection approach is also suitable for other types of industrial control systems. |
| Item Type: | Essay (Master) |
| Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
| Subject: | 54 computer science |
| Programme: | Computer Science MSc (60300) |
| Link to this item: | https://purl.utwente.nl/essays/80809 |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page