Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

Multi-level anomaly detection in industrial control systems via package signatures and LSTM networks

Feng, Cheng, Li, Tingting ORCID: https://orcid.org/0000-0002-9448-1655 and Chana, Deeph 2017. Multi-level anomaly detection in industrial control systems via package signatures and LSTM networks. Presented at: 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Denver, CO, USA, 26-29 June 2017. 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). pp. 261-272. 10.1109/DSN.2017.34

[thumbnail of Li_DSN17.pdf]
Preview
 PDF - Accepted Post-Print Version
Download (1MB) | Preview

Abstract

We outline an anomaly detection method for industrial control systems (ICS) that combines the analysis of network package contents that are transacted between ICS nodes and their time-series structure. Specifically, we take advantage of the predictable and regular nature of communication patterns that exist between so-called field devices in ICS networks. By observing a system for a period of time without the presence of anomalies we develop a base-line signature database for general packages. A Bloom filter is used to store the signature database which is then used for package content level anomaly detection. Furthermore, we approach time-series anomaly detection by proposing a stacked Long Short Term Memory (LSTM) network-based softmax classifier which learns to predict the most likely package signatures that are likely to occur given previously seen package traffic. Finally, by the inspection of a real dataset created from a gas pipeline SCADA system, we show that an anomaly detection scheme combining both approaches can achieve higher performance compared to various current state-of-the-art techniques.

Item Type: Conference or Workshop Item (Paper)
Date Type: Published Online
Status: Published
Schools: Schools > Computer Science & Informatics
ISBN: 9781538605431
ISSN: 2158-3927
Funders: EPSRC
Date of First Compliant Deposit: 22 November 2019
Date of Acceptance: 31 August 2017
Last Modified: 26 Oct 2022 08:16
URI: https://orca.cardiff.ac.uk/id/eprint/127039

Citation Data

Cited 186 times in Scopus. View in Scopus. Powered By Scopus® Data

Actions (repository staff only)

Edit Item Edit Item
Dimensions
Altmetric
Download Statistics

Downloads

Downloads per month over past year

View more statistics

CORE (COnnecting REpositories)


Maintained by Cardiff University IT