A clustering-based approach to detect cyber attacks in process control systems. Kiss, I., Genge, B., & Haller, P. In 2015 IEEE 13th International Conference on Industrial Informatics (INDIN), pages 142–148, July, 2015. ISSN: 2378-363X
doi  abstract   bibtex   
Modern Process Control Systems (PCS) exhibit an increasing trend towards the pervasive adoption of commodity, off-the-shelf Information and Communication Technologies (ICT). This has brought significant economical and operational benefits, but it also shifted the architecture of PCS from a completely isolated environment to an open, “system of systems” integration with traditional ICT systems, susceptible to traditional computer attacks. In this paper we present a novel approach to detect cyber attacks targeting measurements sent to control hardware, i.e., typically to Programmable Logical Controllers (PLC). The approach builds on the Gaussian mixture model to cluster sensor measurement values and a cluster assessment technique known as silhouette. We experimentally demonstrate that in this particular problem the Gaussian mixture clustering outperforms the k-means clustering algorithm. The effectiveness of the proposed technique is tested in a scenario involving the simulated Tennessee-Eastman chemical process and three different cyber attacks.
@inproceedings{kiss_clustering-based_2015,
	title = {A clustering-based approach to detect cyber attacks in process control systems},
	doi = {10.1109/INDIN.2015.7281725},
	abstract = {Modern Process Control Systems (PCS) exhibit an increasing trend towards the pervasive adoption of commodity, off-the-shelf Information and Communication Technologies (ICT). This has brought significant economical and operational benefits, but it also shifted the architecture of PCS from a completely isolated environment to an open, “system of systems” integration with traditional ICT systems, susceptible to traditional computer attacks. In this paper we present a novel approach to detect cyber attacks targeting measurements sent to control hardware, i.e., typically to Programmable Logical Controllers (PLC). The approach builds on the Gaussian mixture model to cluster sensor measurement values and a cluster assessment technique known as silhouette. We experimentally demonstrate that in this particular problem the Gaussian mixture clustering outperforms the k-means clustering algorithm. The effectiveness of the proposed technique is tested in a scenario involving the simulated Tennessee-Eastman chemical process and three different cyber attacks.},
	booktitle = {2015 {IEEE} 13th {International} {Conference} on {Industrial} {Informatics} ({INDIN})},
	author = {Kiss, István and Genge, Béla and Haller, Piroska},
	month = jul,
	year = {2015},
	note = {ISSN: 2378-363X},
	keywords = {Clustering algorithms, Computer crime, Engines, Gaussian mixture model, Mathematical model, Process control},
	pages = {142--148},
}

Downloads: 0