{"title":"A novel passive-active detection system for false data injection attacks in industrial control systems","authors":"","doi":"10.1016/j.cose.2024.103996","DOIUrl":null,"url":null,"abstract":"<div><p>With the increasing occurrence of incidents causing significant damage due to attacks on Industrial Control Systems (ICSs), people pay attention to the cyber security of ICSs. This study improves existing active detection mechanisms and proposes an integrated passive-active detection system to detect False Data Injection Attacks (FDIA) for ICS. Since it is challenging to detect FDIA in current operational practices, the method presented in this research not only compares passive received system data with predefined rules to detect attacks but also launches active detection by controlling actuators to find attackers and achieve comprehensive detection of FDIA targeting ICS. This work dynamically adjusts the frequency of launching active detection through risk assessment, aiming to minimize the impact on operational efficiency during low-risk periods and reduce the time required for detecting attacks during high-risk periods. 
The experimental results show that using the proposed system, when false data differs by 10 % from accurate data, the detection rate can reach 99.9 %, which is 22.5 % higher than active detection by the random launch method when false data differs by 5 % from accurate data, the detection rate can reach 95.4 %, which is 18.2 % higher than active detect by randomly launch method, and even if false data only differs by 3 % from accurate data, the detection rate can reach 92.9 %, which is 16.5 % higher than active detect by randomly launch method.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8000,"publicationDate":"2024-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824003018","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citations: 0
Abstract
As attacks on Industrial Control Systems (ICSs) cause significant damage with increasing frequency, the cyber security of ICSs has drawn attention. This study improves existing active detection mechanisms and proposes an integrated passive-active detection system to detect False Data Injection Attacks (FDIA) against ICSs. Because FDIA is challenging to detect in current operational practice, the proposed method not only compares passively received system data with predefined rules to detect attacks, but also launches active detection by controlling actuators to find attackers, achieving comprehensive detection of FDIA targeting ICSs. The system dynamically adjusts the frequency of launching active detection through risk assessment, aiming to minimize the impact on operational efficiency during low-risk periods and to reduce the time required to detect attacks during high-risk periods. The experimental results show that, with the proposed system, when false data differs by 10 % from accurate data, the detection rate can reach 99.9 %, which is 22.5 % higher than active detection launched at random; when false data differs by 5 % from accurate data, the detection rate can reach 95.4 %, which is 18.2 % higher than randomly launched active detection; and even if false data differs by only 3 % from accurate data, the detection rate can reach 92.9 %, which is 16.5 % higher than randomly launched active detection.
About the journal:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors: industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.