H. Ochiai, Md. Delwar Hossain, Y. Kadobayashi, H. Esaki
{"title":"RS-485工业控制网络中基于机器学习的攻击者定位","authors":"H. Ochiai, Md. Delwar Hossain, Y. Kadobayashi, H. Esaki","doi":"10.1109/WFCS57264.2023.10144114","DOIUrl":null,"url":null,"abstract":"Cyber-attacks on industrial control systems (ICSs) may cause huge damage to our society and our lives. RS-485 is a backbone network for many ICSs deployed worldwide as a standard. Attack detection in the RS-485 network has been studied in the past. However, the operator still needs to identify and eliminate the attacker in the network after detected, which may require a huge downtime of the system. We propose an attacker localization framework for RS-485 networks. This framework uses (1) a current transformer for monitoring the analog signals of the communication line and (2) machine learning for detecting and localizing the attacker. We have carried out a performance evaluation on a 200-meter scale testbed and found that regression-based localization model performed the best with an averaging aggregator. It could estimate the location of the attacker with about 100% accuracy if we could obtain 6 or 10 attacker points in the training dataset. It could also estimate the location with 93%-96% accuracy with only 4 attacker training points, which would be still practically useful for finding the attacker in RS-485 network.","PeriodicalId":345607,"journal":{"name":"2023 IEEE 19th International Conference on Factory Communication Systems (WFCS)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Attacker Localization with Machine Learning in RS-485 Industrial Control Networks\",\"authors\":\"H. Ochiai, Md. Delwar Hossain, Y. Kadobayashi, H. Esaki\",\"doi\":\"10.1109/WFCS57264.2023.10144114\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cyber-attacks on industrial control systems (ICSs) may cause huge damage to our society and our lives. RS-485 is a backbone network for many ICSs deployed worldwide as a standard. Attack detection in the RS-485 network has been studied in the past. However, the operator still needs to identify and eliminate the attacker in the network after detected, which may require a huge downtime of the system. We propose an attacker localization framework for RS-485 networks. This framework uses (1) a current transformer for monitoring the analog signals of the communication line and (2) machine learning for detecting and localizing the attacker. We have carried out a performance evaluation on a 200-meter scale testbed and found that regression-based localization model performed the best with an averaging aggregator. It could estimate the location of the attacker with about 100% accuracy if we could obtain 6 or 10 attacker points in the training dataset. It could also estimate the location with 93%-96% accuracy with only 4 attacker training points, which would be still practically useful for finding the attacker in RS-485 network.\",\"PeriodicalId\":345607,\"journal\":{\"name\":\"2023 IEEE 19th International Conference on Factory Communication Systems (WFCS)\",\"volume\":\"22 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-04-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2023 IEEE 19th International Conference on Factory Communication Systems (WFCS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WFCS57264.2023.10144114\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE 19th International Conference on Factory Communication Systems (WFCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WFCS57264.2023.10144114","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Attacker Localization with Machine Learning in RS-485 Industrial Control Networks
Cyber-attacks on industrial control systems (ICSs) may cause huge damage to our society and our lives. RS-485 is a backbone network for many ICSs deployed worldwide as a standard. Attack detection in the RS-485 network has been studied in the past. However, the operator still needs to identify and eliminate the attacker in the network after detected, which may require a huge downtime of the system. We propose an attacker localization framework for RS-485 networks. This framework uses (1) a current transformer for monitoring the analog signals of the communication line and (2) machine learning for detecting and localizing the attacker. We have carried out a performance evaluation on a 200-meter scale testbed and found that regression-based localization model performed the best with an averaging aggregator. It could estimate the location of the attacker with about 100% accuracy if we could obtain 6 or 10 attacker points in the training dataset. It could also estimate the location with 93%-96% accuracy with only 4 attacker training points, which would be still practically useful for finding the attacker in RS-485 network.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
