Comparison of industrial control system anomaly detection methods
Files
Accepted Version
Date
2024-11-20
Authors
Sobonski, Piotr
Roedig, Utz
Publisher
Association for Computing Machinery (ACM)
Abstract
Industrial Control Systems (ICS) are used to produce goods that must be free of errors. Examples are medicines, medical equipment or vehicle parts. It is essential in such production environments to detect an attack which may aim to compromise goods. While Anomaly Detection (AD) is common to protect Information Technology (IT) infrastructure, it is not yet widely used to protect Operational Technology (OT) elements such as ICS and ultimately production. In this work we analyze the usefulness of different AD algorithms in the context of ICS. We aim to determine if simple statistical methods such as K-Means clustering (K-Means), Density-Based Spatial Clustering of Applications with Noise (DBSCAN), Stochastic Gradient Descent (SGD) or Support Vector Machine (SVM) are sufficient or if more advanced Machine Learning (ML) algorithms such as an Autoencoder are necessary to achieve a useful performance. Specifically, we consider real-world constraints such as limited available attack examples in training data and variations in background conditions. We use an evaluation framework called Anomaly Detection Evaluation Framework (ADEF) to model an autoclave manufacturing use case and possible attacks. Using ADEF we benchmark different AD algorithms. Our results show that simple methods perform very well, that large amounts of attack examples are unnecessary and that fluctuations in environmental conditions pose a significant challenge.
Keywords
ICS security, ICS simulation, ICS anomaly detection, ICS attacks, CPS security
Citation
Sobonski, P. and Roedig, U. (2024) 'Comparison of industrial control system anomaly detection methods', Proceedings of the 2024 Workshop on Re-design Industrial Control Systems with Security, Salt Lake City, UT, USA, 14 - 18 October, pp. 79-85. https://doi.org/10.1145/3689930.3695211
Copyright
© 2024, the authors. Publication rights licensed to ACM. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.