Technical Name |
Hybrid Intrusion Detection System for Industrial Control Systems |
Project Operator |
Taiwan Information Security Center at National Chung Hsing University |
Project Host |
廖宜恩 |
Summary |
The proposed system is a hybrid intrusion detection system (IDS) for industrial control systems (ICS). Depending on the application scenario, either a supervised or a semi-supervised IDS can be used. The supervised IDS is assisted by the implementation of a virtual honeypot and a physical honeypot for collecting attack data. Genetic sequence clustering and LSTM deep learning algorithms are then used to distinguish normal behaviors from malicious behaviors. When attack data for training the supervised model is lacking, we provide a semi-supervised model in our system to solve this problem. In the semi-supervised model, K-means and a Convolutional Autoencoder are first used to learn the normal behaviors of the ICS and are then used to detect abnormal behaviors. The experimental results show that the proposed method outperforms other methods in almost all performance metrics. The proposed system can be used in many ICS applications such as natural gas pipelines, water supply systems, and smart grids. |
Scientific Breakthrough |
The proposed system provides supervised and semi-supervised intrusion detection mechanisms with virtual honeypots and high-interaction physical honeypots for different ICS application scenarios in which attack data may or may not be easy to collect. The supervised IDS is assisted by the implementation of a virtual honeypot and a physical honeypot for collecting attack data. Genetic sequence clustering and LSTM deep learning algorithms are then used to distinguish normal behaviors from malicious behaviors. When attack data for training the supervised model is lacking, we provide a semi-supervised model in our system to solve this problem. In the semi-supervised model, K-means and a Convolutional Autoencoder are first used to learn the normal behaviors of the ICS and are then used to detect abnormal behaviors. The experimental results show that the proposed method outperforms other methods in almost all performance metrics. |
Industrial Applicability |
The proposed system provides supervised and semi-supervised intrusion detection mechanisms with virtual honeypots and high-interaction physical honeypots for different ICS application scenarios in which attacks may come from inside or outside of control system networks. The experimental results show that the proposed method outperforms other methods in almost all performance metrics. The proposed system can be used in many ICS applications such as semiconductor industries, natural gas pipelines, water supply systems, and smart grids. |
Keyword |
Intrusion Detection; Industrial Control System; Honeypot; Physical Honeypot; Anomaly Detection; Supervised Learning; Semi-Supervised Learning; Long Short-Term Memory; Convolutional Autoencoder; K-Means |