H. Ochiai, Md. Delwar Hossain, Y. Kadobayashi, H. Esaki
{"title":"Attacker Localization with Machine Learning in RS-485 Industrial Control Networks","authors":"H. Ochiai, Md. Delwar Hossain, Y. Kadobayashi, H. Esaki","doi":"10.1109/WFCS57264.2023.10144114","DOIUrl":null,"url":null,"abstract":"Cyber-attacks on industrial control systems (ICSs) may cause huge damage to our society and our lives. RS-485 is a backbone network for many ICSs deployed worldwide as a standard. Attack detection in the RS-485 network has been studied in the past. However, the operator still needs to identify and eliminate the attacker in the network after detected, which may require a huge downtime of the system. We propose an attacker localization framework for RS-485 networks. This framework uses (1) a current transformer for monitoring the analog signals of the communication line and (2) machine learning for detecting and localizing the attacker. We have carried out a performance evaluation on a 200-meter scale testbed and found that regression-based localization model performed the best with an averaging aggregator. It could estimate the location of the attacker with about 100% accuracy if we could obtain 6 or 10 attacker points in the training dataset. It could also estimate the location with 93%-96% accuracy with only 4 attacker training points, which would be still practically useful for finding the attacker in RS-485 network.","PeriodicalId":345607,"journal":{"name":"2023 IEEE 19th International Conference on Factory Communication Systems (WFCS)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE 19th International Conference on Factory Communication Systems (WFCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WFCS57264.2023.10144114","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Cyber-attacks on industrial control systems (ICSs) may cause huge damage to our society and our lives. RS-485 is a backbone network for many ICSs deployed worldwide as a standard. Attack detection in the RS-485 network has been studied in the past. However, the operator still needs to identify and eliminate the attacker in the network after detected, which may require a huge downtime of the system. We propose an attacker localization framework for RS-485 networks. This framework uses (1) a current transformer for monitoring the analog signals of the communication line and (2) machine learning for detecting and localizing the attacker. We have carried out a performance evaluation on a 200-meter scale testbed and found that regression-based localization model performed the best with an averaging aggregator. It could estimate the location of the attacker with about 100% accuracy if we could obtain 6 or 10 attacker points in the training dataset. It could also estimate the location with 93%-96% accuracy with only 4 attacker training points, which would be still practically useful for finding the attacker in RS-485 network.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
