Abstract:
Cyber attacks on Industrial Control Systems (ICS) are considered an extremely dangerous threat, as they lead to material losses or undermine a process. These attacks mostly target the field level of critical systems. EtherCAT, one of the most preferred hard real-time protocols in Europe, is also open to both known and zero-day attacks. In this work, EtherCAT-based anomaly detection is studied by applying machine learning methods. To do this, first, a laboratory-scale water level control testbed is developed. Attack vectors are created, and a dataset is formed considering EtherCAT communication principles. Secondly, attributes related to the running process are selected and reduced. Finally, anomalies are detected with both supervised and unsupervised methods, and the methods are evaluated. Results showed that SVM and Random Forest can be used for EtherCAT anomaly detection as supervised methods. It is also observed that each algorithm applied in unsupervised learning is successful in detecting a specific attack trace.
Description:
This work was partially supported by the BAPK, Scientific Research Projects Unit of the Sakarya University (Grant No. 2015-50-02-025), and in part by the TUBITAK, Scientific and Technological Research Council of Turkey (Grant No. 118E263).
The terms of this publication's license agreement do not permit open access to the full text.