AAAI Publications, The Thirty-Third International Flairs Conference

Secure Industrial Control System with Intrusion Detection
M. Rayhan Ahmed Mithu, Vadim Kholodilo, Rajesh Manicavasagam, Denis Ulybyshev, Mike Rogers

Last modified: 2020-05-15

Abstract


Detecting intrusions and anomalies in Industrial Control Systems at early stages is important to prevent process failure. Operator errors, device or equipment failures, and other non-network events could lead to a critical state. As a result, these events can indirectly lead to anomalous network traffic, and, thus, a manually configured IDS that uses network traffic alone can generate false positives and false negatives. In this paper, we propose a novel approach that uses multimodal machine learning and incorporates both network data and device state information to improve the detection accuracy. Our methodology can detect anomalies as well as their root causes, which is essential. To protect device state data, we use a secure data container to store log records for devices in cyber-physical systems. The secure data container provides protection for log records in transit and at rest. It also supports role-based and attribute-based access control and protects against insider threats.


