TY - JOUR
T1 - FALCON: Framework for Anomaly Detection in Industrial Control Systems
T2 - Framework for anomaly detection in industrial control systems
AU - Sapkota, Subin
AU - Mehdy, A.K.M. Nuhil
AU - Reese, Stephen
AU - Mehrpouyan, Hoda
N1 - Sapkota, Subin; Mehdy, A.K.M. Nuhil; Reese, Stephen; and Mehrpouyan, Hoda. (2020). "FALCON: Framework for Anomaly Detection in Industrial Control Systems". Electronics, 9(8), 1192. https://doi.org/10.3390/electronics9081192
PY - 2020/8/1
Y1 - 2020/8/1
N2 - Industrial Control Systems (ICS) are used to control physical processes in critical infrastructure. These systems are used in a wide variety of operations such as water treatment, power generation and distribution, and manufacturing. While the safety and security of these systems are of serious concern, recent reports have shown an increase in targeted attacks aimed at manipulating physical processes to cause catastrophic consequences. This trend emphasizes the need for algorithms and tools that provide resilient and smart attack detection mechanisms to protect ICS. In this paper, we propose an anomaly detection framework for ICS based on a deep neural network. The proposed methodology uses dilated convolution and long short-term memory (LSTM) layers to learn temporal as well as long term dependencies within sensor and actuator data in an ICS. The sensor/actuator data are passed through a unique feature engineering pipeline where wavelet transformation is applied to the sensor signals to extract features that are fed into the model. Additionally, this paper explores four variations of supervised deep learning models, as well as an unsupervised support vector machine (SVM) model for this problem. The proposed framework is validated on Secure Water Treatment testbed results. This framework detects more attacks in a shorter period of time than previously published methods.
AB - Industrial Control Systems (ICS) are used to control physical processes in critical infrastructure. These systems are used in a wide variety of operations such as water treatment, power generation and distribution, and manufacturing. While the safety and security of these systems are of serious concern, recent reports have shown an increase in targeted attacks aimed at manipulating physical processes to cause catastrophic consequences. This trend emphasizes the need for algorithms and tools that provide resilient and smart attack detection mechanisms to protect ICS. In this paper, we propose an anomaly detection framework for ICS based on a deep neural network. The proposed methodology uses dilated convolution and long short-term memory (LSTM) layers to learn temporal as well as long term dependencies within sensor and actuator data in an ICS. The sensor/actuator data are passed through a unique feature engineering pipeline where wavelet transformation is applied to the sensor signals to extract features that are fed into the model. Additionally, this paper explores four variations of supervised deep learning models, as well as an unsupervised support vector machine (SVM) model for this problem. The proposed framework is validated on Secure Water Treatment testbed results. This framework detects more attacks in a shorter period of time than previously published methods.
KW - attack detection
KW - industrial controls systems
KW - neural networks
UR - https://scholarworks.boisestate.edu/cs_facpubs/301
UR - http://www.scopus.com/inward/record.url?scp=85088572328&partnerID=8YFLogxK
U2 - 10.3390/electronics9081192
DO - 10.3390/electronics9081192
M3 - Article
VL - 9
SP - 1
EP - 20
JO - Electronics
JF - Electronics
IS - 8
M1 - 1192
ER -