
Research and Application of Anomaly Detection of Industrial Control System Based on Improved Zoe Algorithm

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11982)

Abstract

Due to the complexity of components and the diversity of protocols in industrial control systems, it is difficult to apply a content-based anomaly detection system directly in this setting. This paper proposes an improved Zoe algorithm. In the algorithm, the similarity between traffic samples is calculated through sequence coverage, and a Count-Mean-Min Sketch is used to store and count the sub-strings. Finally, clustering is used to perform anomaly detection for the industrial control system. The experimental results show that the algorithm achieves a higher detection rate and a lower false positive rate for anomaly detection in industrial control systems.



Acknowledgements

This work is supported by the National Natural Science Foundation of China under Grant No. 61762037 and by the Science and Technology Key Research and Development Program of Jiangxi Province under Grant No. 20192ACB50027.

Corresponding author

Correspondence to Bin Wang.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Xie, X., Wang, B., Wan, T., Jiang, X., Wang, W., Tang, W. (2019). Research and Application of Anomaly Detection of Industrial Control System Based on Improved Zoe Algorithm. In: Vaidya, J., Zhang, X., Li, J. (eds) Cyberspace Safety and Security. CSS 2019. Lecture Notes in Computer Science(), vol 11982. Springer, Cham. https://doi.org/10.1007/978-3-030-37337-5_1


  • DOI: https://doi.org/10.1007/978-3-030-37337-5_1


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-37336-8

  • Online ISBN: 978-3-030-37337-5
