CNN based method for the development of cyber-attacks detection algorithms in industrial control systems

Extensive communication between smart devices in contemporary Industrial Control Systems (ICS) opens up a vast area for different cyber-attacks and malicious threats. The negative effects of these attacks can not only disrupt or completely disable the system functioning, but also they can have serious safety related consequences. Therefore, cybersecurity in ICS becomes one of the most important issues. In this paper we propose a method for the design of algorithms for the detection of cyber-attacks on communication links between smart devices. The method belongs to the class of semi-supervised data driven approaches and it is based on Convolutional Neural Networks (CNN). Starting from a predefined range of network hyperparameters and data obtained from system operation without attacks, the proposed method autonomously selects suitable CNN architecture and thresholds for online intrusion detection. Following the characteristics of ICS, the proposed intrusion detection is host based, and in our research we consider the structure of ICS and the feasibility of the attack detection algorithm implementation on control system devices. The method is experimentally verified using two case studies. In the first case study that refers to the publicly available dataset obtained from Secure Water Treatment (SWaT) testbed, we present a comparative analysis of the developed method with alternative approaches. The second case study considers a custom developed electro-pneumatic positioning system; in this system we carry out the real-world implementation and validation of the intrusion detection algorithm developed using the proposed method.