Double Behavior Characteristics for One-Class Classification Anomaly Detection in Networked Control Systems

Bibliographic Details
Published in: IEEE transactions on information forensics and security Vol. 12; no. 12; pp. 3011 - 3023
Main Authors: Wan, Ming; Shang, Wenli; Zeng, Peng
Format: Journal Article
Language: English
Published: New York IEEE 01.12.2017
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)

Summary: Due to the growing dependencies of information network technology, networked control systems are undergoing a severe blow of cyberattacks, and simply modeling cyberattacks is inadequate and impractical for the detection requirements, because of various vulnerabilities in these systems and the diversities of cyberattacks. Actually, a feasible viewpoint is to identify misbehaviors by constructing a normal model of industrial communication behaviors. However, one of the chief difficulties is how to completely and appropriately summarize industrial communication behaviors according to the specific communication characteristics. In view of process control and data acquisition, this paper associates industrial communication characteristics with the time sequence, and further extracts two distinct behaviors: function control behavior and process data behavior. Based on these double behavior characteristics, we introduce one-class classification to detect the corresponding anomalies, respectively. Besides, we also present the weighted mixed Kernel function and parameter optimization method to improve classification performance. Experimental results clearly demonstrate that the proposed approach has significant advantages of classification accuracy and detection efficiency.
ISSN: 1556-6013, 1556-6021
DOI: 10.1109/TIFS.2017.2730581