A Deep Detection Method of Abnormal State of Industrial Control System Based on Hierarchical Clustering Analysis

A Deep Detection Method of Abnormal State of Industrial Control System Based on Hierarchical Clustering Analysis

연구 분야: Infrastructure

학회: International Conference on Network Simulation and Evaluation

The traditional industrial control system (ICS) is mainly different from the open system of the Internet, but individual closed. However, with the application of the Industrial Internet platform, more and more devices are connected to the enterprise network, which leads to more and more network security issues. Due to the distributed nature of ICS devices, a more convenient deep inspection strategy is needed to monitor the behavior of multiple ICS data sources simultaneously. While deep detection methods can detect attacks such as flooding at an early stage before the attacker reaches the final target, most research papers focus on anomaly detection based on a single source of ICS data. This paper proposes a deep detection method of abnormal state of industrial control system based on hierarchical clustering analysis, using unsupervised predictor and unsupervised clustering method respectively in the anomaly detection stage, and compares its results with conventional anomaly detection. The results show that the deep learning-based anomaly detection method has high accuracy in detecting flooding attacks.