Research field: Infrastructure
Conference: Internetware '24: Proceedings of the 15th Asia-Pacific Symposium on Internetware
Industrial Control Systems (ICS) are vital to critical infrastructure, yet they face increasing security threats. Current Intrusion Detection Systems (IDS) designed for ICS often overlook the unbalanced resource distribution among devices at different layers and primarily focus on known attacks, making them difficult to deploy on all key nodes and vulnerable to unknown threats. To address these issues, we propose a Combined Intrusion Detection Framework (CIDF). This innovative approach is based on the strategy of “multi-level layered deployment, combined detection”, deploying the Packet Signature model and the Enhanced Fast Search and Find of Density Peaks (EFSFDP) model on devices at different layers. The aim is to achieve optimal use of resources and full protection for ICS, and to combine the advantages of multiple detection methods to effectively detect both known and unknown attacks. Evaluation using a public gas pipeline dataset and a private dataset shows that our approach outperforms existing methods, achieving an average Accuracy, Precision, and Recall of 94%, 95.5%, and 86.5% respectively, along with superior detection speed.
| Publication year | 2024 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra |
| Site | ACM |