A real-time network based anomaly detection in industrial control systems
Faeze Zare, Payam Mahmoudi-Nasr and Rohollah Yousefpour
International Journal of Critical Infrastructure Protection, 2024, vol. 45, issue C
Abstract:
Data manipulation attacks targeting the network traffic of SCADA systems may compromise the reliability of an Industrial Control System (ICS). This can mislead the control center about the real-time operating conditions of the ICS and can alter commands sent to the field equipment. Deep learning techniques appear to be a suitable solution for detecting such complicated attacks. This paper proposes a Network-based Anomaly Detection System (NADS) to detect data manipulation attacks, with a focus on Modbus/TCP-based SCADA systems. The proposed NADS is a sequence-to-sequence autoencoder which uses long short-term memory units with an embedding layer, the teacher forcing technique and an attention mechanism. The model has been trained and tested using the SWaT dataset, which corresponds to a scaled-down water treatment plant. The model detected 23 of 36 attacks and outperformed two other existing NADS, with an improvement of 0.22 for simple attacks, and obtained a recall value of 0.86 on attack 36, compared to the other NADS, which obtained 0.74.
Keywords: Anomaly detection; Auto encoder; Manipulation attack; SCADA
Date: 2024
Downloads:
http://www.sciencedirect.com/science/article/pii/S1874548224000179
Full text for ScienceDirect subscribers only
Persistent link: https://EconPapers.repec.org/RePEc:eee:ijocip:v:45:y:2024:i:c:s1874548224000179
DOI: 10.1016/j.ijcip.2024.100676
International Journal of Critical Infrastructure Protection is currently edited by Leon Strous
More articles in International Journal of Critical Infrastructure Protection from Elsevier
Bibliographic data for series maintained by Catherine Liu.