Process skew: fingerprinting the process for anomaly detection in industrial control systems

Abstract

In an Industrial Control System (ICS), its complex network of sensors, actuators and controllers have raised security concerns. In this paper, we proposed a technique called Process Skew that uses the small deviations in the ICS process (herein called as a process fingerprint) for anomaly detection. The process fingerprint appears as noise in sensor measurements due to the process fluctuations. Such a fingerprint is unique to a process due to the intrinsic operational constraints of the physical process. We validated the proposed scheme using the data from a real-world water treatment testbed. Our results show that we can effectively identify a process based on its fingerprint, and detect process anomaly with a very low false-positive rate.