The continuous operation of an industrial process, such as water treatment or power generation, is governed by an Industrial Control System (ICS). Cyber attacks on industrial networks are of growing concern because of the disruption they can cause, leading to loss of revenue, and the possibility of harm to workers, plant and surroundings. Operators therefore need a Network Intrusion Detection System (NIDS) to analyse industrial network traffic in real time for adversarial behaviour. Machine Learning (ML) is applicable to the problem of network intrusion detection. This paper investigates the possibility of training an ML-based NIDS for an ICS (specifically, the well-known Secure Water Treatment testbed) by combining network traffic data and physical process data. In the supplied dataset, data had already been labelled “according to normal and abnormal behaviours”; the labelling of data collected around the start and end of each attack was scrutinized and, where found to be problematic, labelled data were excluded in order to improve the effectiveness of supervised learning. The ML technique of “Learning using Privileged Information” was evaluated and found to be superior to six baseline ML algorithms trained on network traffic data alone.
|Title of host publication||19th Annual IEEE International Conference on Intelligence and Security Informatics (ISI)|
|Publication status||Published - 8 Oct 2021|
|Event||19th Annual IEEE International Conference on Intelligence and Security Informatics (ISI) - San Antonio, Texas, United States|
Duration: 2 Nov 2021 → 4 Nov 2021
|Conference||19th Annual IEEE International Conference on Intelligence and Security Informatics (ISI)|
|Period||2/11/21 → 4/11/21|
Bibliographical note© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
- Network Intrusion Detection System
- Industrial Control System
- machine learning