University of Twente Student Theses
Multi-domain Cyber-attack Detection in Industrial Control Systems
Konijn, Jan-Paul (2022) Multi-domain Cyber-attack Detection in Industrial Control Systems.
PDF (9MB)
Abstract: Industrial control systems are everywhere and form the backbone of many critical infrastructures, directly affecting many aspects of life. Advanced technical requirements and increased connectivity have further converged the IT and OT domains, thereby opening up new attack surfaces and creating new cyber risks. Given the importance of such systems, it is essential to ensure their security. Hence, this study proposes a method of integrating alert data from the physical domain and the network domain found in multi-domain industrial control system architectures to extract the strategy of an adversary performing a multi-stage attack, an approach that has so far received only limited attention in the literature. First, we conduct a survey of publicly available datasets and a digital twin for ICS. We find that the SWaT A6 2019 dataset is the most suitable, since it contains both raw network data and physical sensor data recorded under a series of attack steps. Then, three novel industrial control system detector types are introduced at different positions in the Purdue Model. The results on the SWaT A6 2019 dataset demonstrate that the detectors are able to identify all the attack events, with the largest false positive rate being 0.063. Finally, we use the alert output of our novel ICS attack detectors and the mock-up physical sensor detector as input for our proposed method of merging detector alerts. This integration allows us to extract the attack strategy applied by a multi-stage attacker in an ICS environment. The results demonstrate the potential of this method to reduce the number of false positives by 81% on the SWaT A6 2019 dataset while still providing insight into the methodology used by the multi-stage attacker.
Item Type: Essay (Master)
Clients: TNO
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Programme: Computer Science MSc (60300)
Link to this item: https://purl.utwente.nl/essays/93236