An Intrusion Detection Method for Industrial Control System against Stealthy Attack

In the last decade, the industrial field has suffered from a large number of attacks, which are diverse and difficult to detect. Aiming at the stealthy attacks suffered by industrial control systems, this paper processed an intrusion detection method oriented to industrial control process. The method focused on the change in the state of the controlled physical system, and under the premise that the alarm mechanism cannot detect the attack, it abstracted the intrusion detection into the optimization stopping of the detection of the state of the controlled system. Through adaptive optimization of the reference value in the non-parametric cumulative sum (CUSUM) algorithm, the detection delay of the industrial control process is further shortened. Simulation experiments show that this method can detect the tampering of the sensor observation data by the attacker in time, and effectively avoid the physical damage of the controlled system.