Abstract
Because of the complexity of the components and the diversity of the protocols in industrial control systems, a content-based anomaly detection system cannot simply be applied in this setting. This paper proposes an improved Zoe algorithm. In the algorithm, the similarity between traffic samples is calculated through sequence coverage, and a Count-Mean-Min Sketch is used to store and count the sub-strings. Finally, clustering is used to achieve anomaly detection for the industrial control system. The experimental results show that this algorithm achieves a higher detection rate and a lower false positive rate for anomaly detection in industrial control systems.
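As an added illustration (not the paper's own code), the sub-string counting stage the abstract describes: a Count-Mean-Min sketch over the byte n-grams of benign training messages, queried to score how much of a new message the profile has never seen. The sequence-coverage similarity and the clustering step are not reproduced; the `novelty` score is an assumed simplification, and the sample frames are constructed rather than captured.

```python
from hashlib import blake2b
from statistics import median

def ngrams(data: bytes, n: int):
    """Yield the byte n-grams (sub-strings of length n) of one message."""
    return (data[i:i + n] for i in range(len(data) - n + 1))

class CountMeanMinSketch:
    """Count-Mean-Min sketch: Count-Min cells, but a query subtracts each row's
    expected collision noise, takes the median, and caps it by the Count-Min min."""

    def __init__(self, width: int = 1024, depth: int = 4):
        self.width, self.depth = width, depth
        self.table = [[0] * width for _ in range(depth)]
        self.total = 0  # sum of all counts inserted so far

    def _index(self, row: int, key: bytes) -> int:
        # One keyed hash per row, so the rows hash independently.
        h = blake2b(key, digest_size=8, key=row.to_bytes(2, "big")).digest()
        return int.from_bytes(h, "big") % self.width

    def add(self, key: bytes, count: int = 1) -> None:
        for row in range(self.depth):
            self.table[row][self._index(row, key)] += count
        self.total += count

    def estimate(self, key: bytes) -> int:
        cells = [self.table[r][self._index(r, key)] for r in range(self.depth)]
        # Any other key lands in a given cell with probability 1/width, so the
        # expected noise in a cell holding c is (total - c) / (width - 1).
        corrected = [c - (self.total - c) / (self.width - 1) for c in cells]
        return max(0, min(min(cells), round(median(corrected))))

def train_profile(messages, n: int = 3) -> CountMeanMinSketch:
    """Count every n-gram of the (assumed benign) training traffic."""
    sketch = CountMeanMinSketch()
    for msg in messages:
        for gram in ngrams(msg, n):
            sketch.add(gram)
    return sketch

def novelty(sketch: CountMeanMinSketch, msg: bytes, n: int = 3) -> float:
    """Fraction of the message's n-grams the profile never counted (assumption:
    a simple stand-in for the paper's sequence-coverage similarity)."""
    grams = list(ngrams(msg, n))
    return sum(sketch.estimate(g) < 1 for g in grams) / len(grams) if grams else 0.0

# Constructed sample frames (not real captures): a function code, a register
# address and a small value, roughly the shape of an ICS read/write request.
TRAIN = [bytes([0x03, 0x00, addr, 0x00, val]) for addr in range(8) for val in range(4)]
```

A message drawn from the training set scores 0.0, while a frame made of bytes the profile never counted scores close to 1.0; the clustering step would then group messages by such scores.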
Acknowledgements
This work is supported by the National Natural Science Foundation of China under Grant No. 61762037, and by the Science and Technology Key Research and Development Program of Jiangxi Province under Grant No. 20192ACB50027.
© 2019 Springer Nature Switzerland AG
Cite this paper
Xie, X., Wang, B., Wan, T., Jiang, X., Wang, W., Tang, W. (2019). Research and Application of Anomaly Detection of Industrial Control System Based on Improved Zoe Algorithm. In: Vaidya, J., Zhang, X., Li, J. (eds) Cyberspace Safety and Security. CSS 2019. Lecture Notes in Computer Science(), vol 11982. Springer, Cham. https://doi.org/10.1007/978-3-030-37337-5_1
DOI: https://doi.org/10.1007/978-3-030-37337-5_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37336-8
Online ISBN: 978-3-030-37337-5
eBook Packages: Computer Science; Computer Science (R0)