Industrial Control System Anomaly Detection and Classification Based on Network Traffic

Jehn Ruey Jiang, Yan Ting Chen

Research output: Contribution to journal › Article › peer-review

Abstract

This paper proposes an anomaly detection and classification method for industrial control systems (ICSs). The proposed method is based on network traffic data of industrial field protocols like Modbus TCP and S7 Communication. First, the denoising autoencoder (DAE) is utilized to reduce data noise and extract core features from data. Second, the synthetic minority oversampling technique (SMOTE) and the Tomek link (T-Link) mechanism are employed to oversample and undersample data for addressing the data imbalance problem. Finally, extreme gradient boosting (XGBoost) is used to leverage the ensemble learning concept to avoid overfitting for achieving good performance. A real-life railway industry ICS dataset called Electra is used to evaluate the performance of the proposed method, and the evaluation results are compared with those of other related methods. The proposed method is shown to have the highest (100%) precision, recall and F1-score for anomaly detection, and have fairly high performance of anomaly classification. The contribution of this paper is to show that integrating the DAE, SMOTE, T-Link, and XGBoost schemes can achieve the highest or extremely high performance in the aspect of ICS anomaly detection and classification based on network traffic. The computational complexity and convergence analyses of the proposed method are also provided in this paper. Furthermore, the code implementing the proposed method is released for public access through IEEE Code Ocean so that the effectiveness and the applicability of the method can be validated.

Original language: English
Pages (from-to): 41874-41888
Number of pages: 15
Journal: IEEE Access
Volume: 10
Publication status: Published - 2022
