Towards Self-learning Industrial Process Behaviour from Payload Bytes for Anomaly Detection

Bibliographic details
Published in: Proceedings (IEEE International Conference on Emerging Technologies and Factory Automation), pp. 1 - 8
Main authors: Meshram, Ankush; Karch, Markus; Haas, Christian; Beyerer, Jurgen
Format: Conference proceeding
Language: English
Published: IEEE, 12.09.2023
ISSN:1946-0759
Description
Summary: Network Intrusion Detection Systems (NIDS) for process-based anomaly detection have been developed as one of the cybersecurity solutions against industrial process targeted attacks such as Stuxnet. In practice, the real-world industrial plants could not complement the advancements in the industrial cybersecurity research as upgrading the infrastructure is an expensive and deterrent process for plant owners. In addition, the infrastructure information might be lost over the intended longer lifetime; hence, configuring a NIDS in the absence of such information is a challenge. Moreover, the existing NIDS solutions analyze the industrial process values/parameters with the knowledge of their semantics, and would fail when the semantics is not known or lost. As a solution to the aforementioned problem, we propose an industrial communication paradigm aware Process Payload Profiling Framework (P3F), capable of self-learning process behavior from network traffic without the knowledge of underlying process parameters being exchanged. We also report P3F's successful detection of an anomaly in the process of a miniaturized PROFINET-based industrial system, caused by a simulated process-targeted cyberattack.
DOI:10.1109/ETFA54631.2023.10275358