University of Twente Student Theses

Login
This website will be unavailable due to maintenance December 1st between 8:00 and 12:00 CET.

Learning Timed Mealy Machines of the Physical Processes of an Industrial Control System for Anomaly-based Attack Detection

Brouwer, R (2020) Learning Timed Mealy Machines of the Physical Processes of an Industrial Control System for Anomaly-based Attack Detection.

[img] PDF
2MB
Abstract:As Industrial Control Systems (ICS) are turning into automated and highly integrated systems, a closer link between the cyber world and the physical processes is created. Consequently, these critical systems are becoming more prone to cyber attacks. To prevent such systems of becoming unavailable or compromised due to an attack, we propose a method to monitor the physical process and to detect anomalous behaviour. We do this by defining an approach to automatically identify behaviour models of an ICS. Using a machine learning algorithm, state machines are inferred from time series data of sensors and actuators. The normal behaviour of these devices is modelled as Timed Mealy machines, identifying one per subprocess. The results show an efficient way of identifying the models without needing any expert knowledge of an ICS. By using the models as a classifier, the results show a good performance of detecting anomalous behaviour caused by attacks. For testing and validating our approach we use data from the SWaT testbed, i.e. a Secure Water Treatment testbed which is a scaled down representation of a water treatment plant. Out of 36 attack scenarios that were launched on the testbed, our approach detected 28 attacks correctly. The final precision rate shows us that of all the triggered alarms, around 85 percent is relevant. The final attack detection approach is also suitable for other types of industrial control systems.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:https://purl.utwente.nl/essays/80809
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page