17th AIAI 2021, 25 - 27 June 2021, Greece

System-wide anomaly detection of industrial control systems via deep learning and correlation analysis

Gordon Haylett, Zahra Jadidi, Kien Nguyen Thanh


  In the last few decades, as industrial control systems (ICSs) became more inter-connected via modern networking techniques, there has been a growing need for new security and monitoring techniques to protect these systems. Advanced cyber-attacks on industrial systems take multiple steps to reach ICS end devic-es. However, current anomaly detection systems can only detect attacks on in-dividual local devices, and they do not consider the impact or consequences of an individual attack on the rest of the ICS devices. In this paper, we aim to ex-plore how deep learning recurrent neural networks and correlation analysis techniques can be used collaboratively for anomaly detection in an ICS network on the scale of the entire systems. For each detected attack, our presented sys-tem-wide anomaly detection method will predict the next step of the attack. We use iTrust SWaT dataset and Power System Attack datasets from MSU national Labs to explore how the addition of correlation analysis to recurrent networks can expand anomaly detection methods to the system-wide scale.  

*** Title, author list and abstract as seen in the Camera-Ready version of the paper that was provided to Conference Committee. Small changes that may have occurred during processing by Springer may not appear in this window.