SteelEye: An Application-Layer Attack Detection and Attribution Model in Industrial Control Systems using Semi-Deep Learning

Abstract

The security of Industrial Control Systems is of high importance as they play a critical role in uninterrupted services provided by Critical Infrastructure operators. Due to a large number of devices and their geographical distribution, Industrial Control Systems need efficient automatic cyber-attack detection and attribution methods, which suggests us AI-based approaches. This paper proposes a model called SteelEye based on Semi-Deep Learning for accurate detection and attribution of cyber-attacks at the application layer in industrial control systems. The proposed model depends on Bag of Features for accurate detection of cyber-attacks and utilizes Categorical Boosting as the base predictor for attack attribution. Empirical results demonstrate that SteelEye remarkably outperforms state-of-the-art cyber-attack detection and attribution methods in terms of accuracy, precision, recall, and Fl-score.