Detecting cyber attacks in industrial control systems using convolutional neural networks

Moshe Kravchik, Asaf Shabtai

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

245 Scopus citations

Abstract

This paper presents a study on detecting cyber attacks on industrial control systems (ICS) using convolutional neural networks. The study was performed on a Secure Water Treatment testbed (SWaT) dataset, which represents a scaled-down version of a real-world industrial water treatment plant. We suggest a method for anomaly detection based on measuring the statistical deviation of the predicted value from the observed value. We applied the proposed method by using a variety of deep neural network architectures including different variants of convolutional and recurrent networks. The test dataset included 36 different cyber attacks. The proposed method successfully detected 31 attacks with three false positives thus improving on previous research based on this dataset. The results of the study show that 1D convolutional networks can be successfully used for anomaly detection in industrial control systems and outperform recurrent networks in this setting. The findings also suggest that 1D convolutional networks are effective at time series prediction tasks which are traditionally considered to be best solved using recurrent neural networks. This observation is a promising one, as 1D convolutional neural networks are simpler, smaller, and faster than the recurrent neural networks.

Original languageEnglish
Title of host publicationCPS-SPC 2018 - Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy, co-located with CCS 2018
PublisherAssociation for Computing Machinery
Pages72-83
Number of pages12
ISBN (Electronic)9781450359924
DOIs
StatePublished - 15 Oct 2018
Event4th ACM Workshop on Cyber-Physical Systems Security and PrivaCy, CPS-SPC 2018, in conjunction with the 25th ACM Conference on Computer and Communications Security, CCS 2018 - Toronto, Canada
Duration: 19 Oct 2018 → …

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Conference

Conference4th ACM Workshop on Cyber-Physical Systems Security and PrivaCy, CPS-SPC 2018, in conjunction with the 25th ACM Conference on Computer and Communications Security, CCS 2018
Country/TerritoryCanada
CityToronto
Period19/10/18 → …

Keywords

  • Anomaly detection
  • Convolutional neural networks
  • Industrial control systems

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Detecting cyber attacks in industrial control systems using convolutional neural networks'. Together they form a unique fingerprint.

Cite this