过程偏差:工业控制系统中异常检测过程的指纹识别

Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks Pub Date : 2020-07-08 DOI:10.1145/3395351.3399364

Chuadhry Mujeeb Ahmed, J. Prakash, Rizwan Qadeer, Anand Agrawal, Jianying Zhou

{"title":"过程偏差:工业控制系统中异常检测过程的指纹识别","authors":"Chuadhry Mujeeb Ahmed, J. Prakash, Rizwan Qadeer, Anand Agrawal, Jianying Zhou","doi":"10.1145/3395351.3399364","DOIUrl":null,"url":null,"abstract":"In an Industrial Control System (ICS), its complex network of sensors, actuators and controllers have raised security concerns. In this paper, we proposed a technique called Process Skew that uses the small deviations in the ICS process (herein called as a process fingerprint) for anomaly detection. The process fingerprint appears as noise in sensor measurements due to the process fluctuations. Such a fingerprint is unique to a process due to the intrinsic operational constraints of the physical process. We validated the proposed scheme using the data from a real-world water treatment testbed. Our results show that we can effectively identify a process based on its fingerprint, and detect process anomaly with a very low false-positive rate.","PeriodicalId":165929,"journal":{"name":"Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks","volume":"18 7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"Process skew: fingerprinting the process for anomaly detection in industrial control systems\",\"authors\":\"Chuadhry Mujeeb Ahmed, J. Prakash, Rizwan Qadeer, Anand Agrawal, Jianying Zhou\",\"doi\":\"10.1145/3395351.3399364\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In an Industrial Control System (ICS), its complex network of sensors, actuators and controllers have raised security concerns. In this paper, we proposed a technique called Process Skew that uses the small deviations in the ICS process (herein called as a process fingerprint) for anomaly detection. The process fingerprint appears as noise in sensor measurements due to the process fluctuations. Such a fingerprint is unique to a process due to the intrinsic operational constraints of the physical process. We validated the proposed scheme using the data from a real-world water treatment testbed. Our results show that we can effectively identify a process based on its fingerprint, and detect process anomaly with a very low false-positive rate.\",\"PeriodicalId\":165929,\"journal\":{\"name\":\"Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks\",\"volume\":\"18 7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-07-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3395351.3399364\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3395351.3399364","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

摘要

在工业控制系统(ICS)中，其传感器、执行器和控制器的复杂网络引起了安全问题。在本文中，我们提出了一种称为过程偏差的技术，该技术使用ICS过程中的小偏差(此处称为过程指纹)进行异常检测。由于过程波动，过程指纹在传感器测量中表现为噪声。由于物理过程的内在操作约束，这种指纹对于一个过程是唯一的。我们使用来自真实水处理试验台的数据验证了所提出的方案。结果表明，该方法可以有效地识别进程指纹，并以极低的误报率检测出进程异常。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Process skew: fingerprinting the process for anomaly detection in industrial control systems

In an Industrial Control System (ICS), its complex network of sensors, actuators and controllers have raised security concerns. In this paper, we proposed a technique called Process Skew that uses the small deviations in the ICS process (herein called as a process fingerprint) for anomaly detection. The process fingerprint appears as noise in sensor measurements due to the process fluctuations. Such a fingerprint is unique to a process due to the intrinsic operational constraints of the physical process. We validated the proposed scheme using the data from a real-world water treatment testbed. Our results show that we can effectively identify a process based on its fingerprint, and detect process anomaly with a very low false-positive rate.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

自引率

0.00%

发文量