Anthi, Eirini, Williams, Lowri, Burnap, Pete (ORCID: https://orcid.org/0000-0003-0396-633X) and Jones, Kevin 2021. A three-tiered intrusion detection system for Industrial Control Systems (ICS). Journal of Cybersecurity 7 (1), tyab006. 10.1093/cybsec/tyab006
PDF - Published Version
Available under License Creative Commons Attribution.
Abstract
This paper presents a three-tiered IDS which uses a supervised approach to detect cyber-attacks in ICS networks. The proposed approach not only aims to identify malicious packets on the network but also attempts to identify the general and finer-grained attack type occurring on the network. This is key in the ICS environment, as the ability to identify exact attack types will lead to an increased response rate to the incident and the defence of the infrastructure. More specifically, the proposed system consists of three stages which aim to classify: 1) whether packets are malicious, 2) the general attack type of malicious packets (e.g. DoS), and 3) finer-grained cyber-attacks (e.g. Bad CRC Attack). The effectiveness of the proposed IDS is evaluated on network data collected from a real industrial gas pipeline system. Additionally, an insight is provided as to which features are most relevant to detecting such malicious behaviour. The performance of the system results in an F-measure of: 1) 87.4%, 2) 74.5%, 3) 41.2%, for each of the layers, respectively. This demonstrates that the proposed architecture can successfully distinguish whether network activity is malicious and detect which general attack was deployed.
| Item Type | Article |
|---|---|
| Date Type | Publication |
| Status | Published |
| Schools | Computer Science & Informatics |
| Subjects | T Technology > T Technology (General) |
| Publisher | Oxford University Press |
| ISSN | 2057-2085 |
| Date of First Compliant Deposit | 25 January 2021 |
| Date of Acceptance | 21 January 2021 |
| Last Modified | 03 May 2023 19:00 |
| URI | https://orca.cardiff.ac.uk/id/eprint/137897 |
Citation Data
Cited 9 times in Scopus.