Abnormal detection method of industrial control system based on behavior model

In the field of industrial control systems (ICSs), a broad application background and the different characteristics of a system determine the diversity and particularity of an intrusion detection system. We propose an abnormal detection method based on a behavior model. The method extracts behavior...

Full description

Saved in:
Bibliographic Details
Published inComputers & security Vol. 84; pp. 166 - 178
Main Authors Zhanwei, Song, Zenghui, Liu
Format Journal Article
LanguageEnglish
Published Amsterdam Elsevier Ltd 01.07.2019
Elsevier Sequoia S.A
Subjects
Abnormal detection
Behavior model
Communications traffic
Control systems
Industrial control systems
Industrial electronics
Intrusion detection systems
Modbus/TCP
Network security
Traffic control
Network security
Industrial control systems
Abnormal detection
Behavior model
Modbus/TCP
Online AccessGet full text

Cover

More Information
Summary:In the field of industrial control systems (ICSs), a broad application background and the different characteristics of a system determine the diversity and particularity of an intrusion detection system. We propose an abnormal detection method based on a behavior model. The method extracts behavior data sequences from industrial control network traffic, builds a normal behavior model of the controller and the controlled process of an ICS, and compares tested behavior data and prediction behavior data to detect any exceptions. According to experimental results, our method can effectively detect abnormal behavior data and control program manipulation attacks.
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2019.03.009