Anomaly Detection for Industrial Control Systems Based on DBSCAN Clustering Algorithm

Author: Ming-Han Lee, 李明翰
Year of publication: 2019
Document type: degree thesis; thesis
Description: 107
With the advent of the Internet of Things (IoT), industrial control systems (ICS), which are widely used in critical infrastructure, have gradually been integrated with information technology (IT) systems. As a result, more and more ICS have been attacked in recent years. Once an ICS comes under attack, the result is likely to be great financial loss or even casualties. Anomaly detection is one of the cyber defense approaches used to alleviate this problem for ICS. In this thesis, we propose a method that creates a normal behavior model for anomaly detection in the ICS network by measuring variations in normal data. To discover the normal behavior pattern, the cosine similarity and the Mahalanobis distance between two adjacent data vectors are calculated. The preprocessing phase of the proposed method performs feature reduction without domain expert knowledge. After transforming the raw data into new features, we construct the normal behavior model using the DBSCAN clustering algorithm. The proposed method is evaluated on the ICS data set of a gas pipeline system provided by the Critical Infrastructure Protection Center at Mississippi State University. The data set includes normal data, response injection attacks, and command injection attacks. The experimental results show that the recall of the proposed method for identifying anomalies is above 98%, which is better than the results of other machine learning methods.
Database: Networked Digital Library of Theses & Dissertations