Research area: Infrastructure
Conference: RICSS '24: Proceedings of the 2024 Workshop on Re-design Industrial Control Systems with Security
Industrial Control Systems (ICS) are critical to various sectors, including water treatment, energy, and manufacturing, making them prime targets for Advanced Persistent Threats (APTs). These attacks can cause serious disruption, physical harm, and financial loss. The complexity of ICS environments and high false positive rates make traditional Intrusion Detection Systems (IDS) inadequate at detecting these sophisticated threats. In this work, we present a provenance-based method with context-based detection rules, written in Linear Temporal Logic (LTL), that is specifically designed for ICS attack detection. By using comprehensive data and system event history, our approach identifies temporal relationships between events and more accurately distinguishes benign from malicious activity. An attacker could, for example, change control parameters during the chemical dosing process in a water plant system to alter the water quality. Our system would notice this because it correlates the series of events that introduced chemicals based on the changed parameters, and it then detects the attack from those dependencies. This approach reduces false positives, improves overall ICS security, and provides a robust defense against APTs.
| Publication year | 2024 |
|---|---|
| Citations | 2 |
| Country of publication | United States |
| Site | ACM |