Identification of Cyberattacks in Industrial Control Systems

Author: Alireza Dehlaghi-ghadim; Hans Hansson; Ali Balador; Mahshid Helali Moghadam; Mohammad Shojafar; Mälardalens Universitet; []

Keywords: ENGINEERING AND TECHNOLOGY; TEKNIK OCH TEKNOLOGIER; Computer Science; datavetenskap;

Abstract: As critical infrastructure increasingly relies on Industrial Control Systems (ICS), these systems have become a prime target for cyberattacks. As a result of the move towards Industry 4.0 targets, ICSs are increasingly being connected to the outside world, which makes them even more vulnerable to attacks. To enhance the ICS's security, Intrusion Detection Systems (IDS) are used in detecting and mitigating attacks. However, using real ICS installations for testing IDS can be challenging, as any interference with the ICS could have serious consequences, such as production downtime or compromised safety. Alternatively, ICS testbeds and cybersecurity datasets can be used to analyze, validate, and evaluate the IDS capabilities in a controlled environment. In addition, the complexity of ICSs, combined with the unpredictable and intricate nature of attacks, present a challenge in achieving high detection precision using traditional rule-based models. To tackle this challenge, Machine Learning (ML) have become increasingly attractive for identifying a broader range of attacks. This thesis aims to enhance ICS cybersecurity by addressing the mentioned challenges. We introduce a framework for simulation of virtual ICS security testbeds that can be customized to create extensible, versatile, reproducible, and low-cost ICS testbeds. Using this framework, we create a factory simulation and its ICS to generate an ICS security dataset. We present this dataset as a validation benchmark for intrusion detection methods in ICSs. Finally, we investigate the efficiency and effectiveness of the intrusion detection capabilities of a range of Machine Learning techniques. Our findings show (1) that relying solely on intrusion evidence at a specific moment for intrusion detection can lead to misclassification, as various cyber-attacks may have similar effects at a specific moment, and (2) that AI models that consider the temporal relationship between events are effective in improving the ability to detect attack types.

  This dissertation MIGHT be available in PDF-format. Check this page to see if it is available for download.