TY - GEN
T1 - Detecting cyber attacks in industrial control systems using convolutional neural networks
AU - Kravchik, Moshe
AU - Shabtai, Asaf
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
PY - 2018/10/15
Y1 - 2018/10/15
N2 - This paper presents a study on detecting cyber attacks on industrial control systems (ICS) using convolutional neural networks. The study was performed on a Secure Water Treatment testbed (SWaT) dataset, which represents a scaled-down version of a real-world industrial water treatment plant. We suggest a method for anomaly detection based on measuring the statistical deviation of the predicted value from the observed value. We applied the proposed method by using a variety of deep neural network architectures, including different variants of convolutional and recurrent networks. The test dataset included 36 different cyber attacks. The proposed method successfully detected 31 attacks with three false positives, thus improving on previous research based on this dataset. The results of the study show that 1D convolutional networks can be successfully used for anomaly detection in industrial control systems and outperform recurrent networks in this setting. The findings also suggest that 1D convolutional networks are effective at time series prediction tasks, which are traditionally considered to be best solved using recurrent neural networks. This observation is a promising one, as 1D convolutional neural networks are simpler, smaller, and faster than the recurrent neural networks.
KW - Anomaly detection
KW - Convolutional neural networks
KW - Industrial control systems
UR - http://www.scopus.com/inward/record.url?scp=85056734630&partnerID=8YFLogxK
U2 - 10.1145/3264888.3264896
DO - 10.1145/3264888.3264896
M3 - Conference contribution
AN - SCOPUS:85056734630
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 72
EP - 83
BT - CPS-SPC 2018 - Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy, co-located with CCS 2018
PB - Association for Computing Machinery
T2 - 4th ACM Workshop on Cyber-Physical Systems Security and PrivaCy, CPS-SPC 2018, in conjunction with the 25th ACM Conference on Computer and Communications Security, CCS 2018
Y2 - 19 October 2018
ER -