Abstract
A variety of Intrusion Detection Systems (IDSs) for Industrial Control Systems have been proposed to detect attacks and alert operators. Passive and active detection schemes are characterised by whether or not they interact with the process under control, though both categories of approach have limitations relating to either known correlations in the process data or the use of explicit system modelling. We propose setpoint modification as a strategy to address those limitations. The approach superimposes Gaussian noises on setpoint values, which aids in revealing latent correlations between setpoints and measurements, thereby allowing machine learning-based IDSs to learn them during training and verify during inference. We show that by applying the approach to a linear system with PID control, statistical tests can be configured such that the distortion power of sensor attacks is nullified. Building on this foundation, we further adapt passive IDSs for active discovery of sensor attacks in a process-agnostic fashion. The proposed strategy is evaluated using a nonlinear and simulated industrial benchmark, affirming that the approach enhances intrusion detection performance when the specific sensor under consideration is targeted whilst incurring marginal cost. Finally, we explore changing setpoints concurrently when the attacker could manipulate an arbitrary sensor, which also boosts detection performance and motivates the exploration of setpoint selection.
Original language | English |
---|---|
Title of host publication | 2023 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech) |
Publisher | IEEE |
Number of pages | 9 |
ISBN (Electronic) | 9798350304602 |
ISBN (Print) | 9798350304619 |
DOIs | |
Publication status | Published - 25 Dec 2023 |
Event | 21st IEEE International Conference on Dependable, Autonomic & Secure Computing - Abu Dhabi, United Arab Emirates Duration: 14 Nov 2023 → 17 Nov 2023 https://icnetlab.org/cyber-science2023/dasc/index.html |
Publication series
Name | IEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC) |
---|---|
Publisher | IEEE |
ISSN (Print) | 2837-0724 |
ISSN (Electronic) | 2837-0740 |
Conference
Conference | 21st IEEE International Conference on Dependable, Autonomic & Secure Computing |
---|---|
Abbreviated title | DASC 2023 |
Country/Territory | United Arab Emirates |
City | Abu Dhabi |
Period | 14/11/23 → 17/11/23 |
Internet address |