Decision tree based invariants for intrusion detection in industrial control system

Abdul Samiah, Muhammad Azmi Umer, Shama Siddiqui

Computers & Security, Volume 156, Article 104511. Published 2025-05-12. DOI: 10.1016/j.cose.2025.104511. https://www.sciencedirect.com/science/article/pii/S0167404825002007
The proliferation of interconnected Industrial Control Systems (ICS) and their connectivity with the internet is expanding the attack surface, making them vulnerable to cyber-threats such as ransomware, malware, and targeted attacks. A cyber-attack launched on a critical infrastructure (CI), such as a water treatment plant, a chemical plant or a power grid, could lead to anomalous behavior. Due to the dynamic nature and variety of attributes in cyber data, the detection and prevention of such anomalous behavior is still an open challenge. Cyber-physical systems (CPS) produce both information technology (IT) and operational technology (OT) data, and anomalous behavior can be detected using either. The study conducted here uses the OT data. A supervised machine learning technique based on decision trees was used to mine invariants from the OT data, and the proposed approach was compared with Association Rule Mining (ARM) for generating invariants. The entire study was conducted in the context of a scaled-down version of a water distribution plant (WaDi). The generated invariants were validated both on the operational plant and against the physics of the plant.
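As an added illustration of the approach the abstract describes (constructed example code, not the authors' implementation and not their WaDi data), the block below trains a small Gini-based decision tree on constructed, labelled OT records for a hypothetical pump P1, flow meter FIT1 and tank level LT1, reads every root-to-leaf path that ends in a "normal" leaf as a mined invariant, and flags a record that satisfies none of those invariants. The tag names, the thresholds and the two attack scenarios in the training data are assumptions made for this example.

```python
"""Mine plant invariants from labelled OT records with a small decision tree.

Constructed example, not the paper's code or data. Toy plant physics: pump P1
feeds flow meter FIT1, so FIT1 reads ~2.0 while P1 runs and ~0 while it is
stopped. Tank level LT1 is recorded but carries no information about attacks.
"""
from collections import Counter

# Constructed training records: (features, label).
TRAINING = [
    # Normal operation, pump stopped, no flow.
    ({"P1": 0, "FIT1": 0.0, "LT1": 40.0}, "normal"),
    ({"P1": 0, "FIT1": 0.1, "LT1": 50.0}, "normal"),
    ({"P1": 0, "FIT1": 0.0, "LT1": 65.0}, "normal"),
    ({"P1": 0, "FIT1": 0.2, "LT1": 80.0}, "normal"),
    ({"P1": 0, "FIT1": 0.1, "LT1": 95.0}, "normal"),
    # Normal operation, pump running, flow present.
    ({"P1": 1, "FIT1": 1.9, "LT1": 55.0}, "normal"),
    ({"P1": 1, "FIT1": 2.1, "LT1": 70.0}, "normal"),
    ({"P1": 1, "FIT1": 2.2, "LT1": 85.0}, "normal"),
    # Attack records: the pump state and the measured flow disagree.
    ({"P1": 1, "FIT1": 0.0, "LT1": 45.0}, "attack"),   # flow reading spoofed low
    ({"P1": 1, "FIT1": 0.1, "LT1": 75.0}, "attack"),
    ({"P1": 1, "FIT1": 0.3, "LT1": 90.0}, "attack"),
    ({"P1": 0, "FIT1": 2.0, "LT1": 60.0}, "attack"),   # pump state reported stopped
]


def gini(labels):
    """Gini impurity of a list of class labels."""
    n = len(labels)
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values())


def best_split(records):
    """Return (feature, threshold, gain) of the best binary split, or None."""
    parent = gini([lab for _, lab in records])
    best = None
    for feat in records[0][0]:
        values = sorted({r[feat] for r, _ in records})
        for lo, hi in zip(values, values[1:]):
            thr = round((lo + hi) / 2, 3)   # midpoint between adjacent observed values
            left = [lab for r, lab in records if r[feat] <= thr]
            right = [lab for r, lab in records if r[feat] > thr]
            weighted = (len(left) * gini(left) + len(right) * gini(right)) / len(records)
            gain = parent - weighted
            if best is None or gain > best[2]:
                best = (feat, thr, gain)
    return best


def build_tree(records, depth=0, max_depth=3):
    """Greedy CART-style tree; leaves carry the majority label of their records."""
    labels = [lab for _, lab in records]
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or depth == max_depth:
        return {"leaf": majority}
    split = best_split(records)
    if split is None or split[2] <= 0:
        return {"leaf": majority}
    feat, thr, _ = split
    left = [rl for rl in records if rl[0][feat] <= thr]
    right = [rl for rl in records if rl[0][feat] > thr]
    return {"feat": feat, "thr": thr,
            "left": build_tree(left, depth + 1, max_depth),
            "right": build_tree(right, depth + 1, max_depth)}


def extract_invariants(tree, path=()):
    """Root-to-leaf paths that end in a 'normal' leaf are the mined invariants."""
    if "leaf" in tree:
        return [path] if tree["leaf"] == "normal" else []
    cond_left = (tree["feat"], "<=", tree["thr"])
    cond_right = (tree["feat"], ">", tree["thr"])
    return (extract_invariants(tree["left"], path + (cond_left,))
            + extract_invariants(tree["right"], path + (cond_right,)))


def satisfies(record, invariant):
    """True if every condition on the path holds for this record."""
    return all(record[f] <= t if op == "<=" else record[f] > t for f, op, t in invariant)


def is_anomalous(record, invariants):
    """A record that matches none of the normal-state invariants is flagged."""
    return not any(satisfies(record, inv) for inv in invariants)


def format_invariant(inv):
    """Human-readable form, so an operator can check the rule against plant physics."""
    return " AND ".join(f"{f} {op} {t:g}" for f, op, t in inv) + " -> normal"


INVARIANTS = extract_invariants(build_tree(TRAINING))

if __name__ == "__main__":
    for inv in INVARIANTS:
        print(format_invariant(inv))
    # A pump that is commanded on while the flow meter reads near zero violates both rules.
    print(is_anomalous({"P1": 1, "FIT1": 0.05, "LT1": 50.0}, INVARIANTS))
```

On this data the tree splits on P1 at the root and on FIT1 below it, and the two mined invariants read as "P1 <= 0.5 AND FIT1 <= 1.1 -> normal" and "P1 > 0.5 AND FIT1 > 1.1 -> normal", which is exactly the pump-implies-flow relation of the toy plant; LT1 is never selected because it carries no information about the label. That readability is what lets a mined invariant be checked against the physics of the plant, as the abstract describes. The caveat a practitioner should keep in mind is that a supervised tree only encodes deviations that appear in the labelled training records, so rules mined this way still need the physics-based validation step before they are trusted as detection logic.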
Journal description:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors: industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.