Identification of Cyberattacks in Industrial Control Systems
Mälardalen University, School of Innovation, Design and Engineering. RISE Research Institute of Sweden, Västerås, Sweden. ORCID iD: 0000-0001-5332-1033
2023 (English) Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

As critical infrastructure increasingly relies on Industrial Control Systems (ICS), these systems have become a prime target for cyberattacks. As a result of the move towards Industry 4.0 targets, ICSs are increasingly being connected to the outside world, which makes them even more vulnerable to attacks. To enhance the ICS's security, Intrusion Detection Systems (IDS) are used in detecting and mitigating attacks. However, using real ICS installations for testing IDS can be challenging, as any interference with the ICS could have serious consequences, such as production downtime or compromised safety. Alternatively, ICS testbeds and cybersecurity datasets can be used to analyze, validate, and evaluate the IDS capabilities in a controlled environment. In addition, the complexity of ICSs, combined with the unpredictable and intricate nature of attacks, presents a challenge in achieving high detection precision using traditional rule-based models. To tackle this challenge, Machine Learning (ML) has become increasingly attractive for identifying a broader range of attacks.

This thesis aims to enhance ICS cybersecurity by addressing the mentioned challenges. We introduce a framework for simulation of virtual ICS security testbeds that can be customized to create extensible, versatile, reproducible, and low-cost ICS testbeds. Using this framework, we create a factory simulation and its ICS to generate an ICS security dataset. We present this dataset as a validation benchmark for intrusion detection methods in ICSs. Finally, we investigate the efficiency and effectiveness of the intrusion detection capabilities of a range of Machine Learning techniques. Our findings show (1) that relying solely on intrusion evidence at a specific moment for intrusion detection can lead to misclassification, as various cyber-attacks may have similar effects at a specific moment, and (2) that AI models that consider the temporal relationship between events are effective in improving the ability to detect attack types.

Place, publisher, year, edition, pages
Västerås: Mälardalen University, 2023.
Series
Mälardalen University Press Licentiate Theses, ISSN 1651-9256 ; 341
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:mdh:diva-62403
ISBN: 978-91-7485-598-2 (print)
OAI: oai:DiVA.org:mdh-62403
DiVA, id: diva2:1755154
Presentation
2023-06-16, Beta, Mälardalens universitet, Västerås, 13:15 (English)
Opponent
Supervisors
Available from: 2023-05-09 Created: 2023-05-05 Last updated: 2023-11-06 Bibliographically approved
List of papers
1. Time-series Anomaly Detection and Classification with Long Short-Term Memory Network on Industrial Manufacturing Systems
2023 (English) Report (Other (popular science, discussion, etc.))
National Category
Engineering and Technology
Identifiers
urn:nbn:se:mdh:diva-62395 (URN)
Available from: 2023-05-05 Created: 2023-05-05 Last updated: 2023-11-06 Bibliographically approved
2. Anomaly Detection Dataset for Industrial Control Systems
(English) Manuscript (preprint) (Other academic)
National Category
Engineering and Technology Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-62392 (URN)
Available from: 2023-05-05 Created: 2023-05-05 Last updated: 2023-06-08 Bibliographically approved
3. ICSSIM — A framework for building industrial control systems security testbeds
2023 (English) In: Computers in industry (Print), ISSN 0166-3615, E-ISSN 1872-6194, Vol. 148, article id 103906. Article in journal (Refereed) Published
Abstract [en]

With the advent of the smart industry, Industrial Control Systems (ICS) moved from isolated environments to connected platforms to meet Industry 4.0 targets. The inherent connectivity in these services exposes such systems to increased cybersecurity risks. To protect ICSs against cyberattacks, intrusion detection systems (IDS) empowered by machine learning are used to detect abnormal behavior of the systems. Operational ICSs are not safe environments to research IDSs due to the possibility of catastrophic risks. Therefore, realistic ICS testbeds enable researchers to analyze and validate their IDSs in a controlled environment. Although various ICS testbeds have been developed, researchers' access to a low-cost, extendable, and customizable testbed that can accurately simulate ICSs and suits security research is still an important issue.

In this paper, we present ICSSIM, a framework for building customized virtual ICS security testbeds in which various cyber threats and network attacks can be effectively and efficiently investigated. This framework contains base classes to simulate control system components and communications. Simulated components are deployable on actual hardware such as Raspberry Pis, containerized environments like Docker, and simulation environments such as GNS-3. ICSSIM also offers physical process modeling using software and hardware in the loop simulation. This framework reduces the time for developing ICS components and aims to produce extendable, versatile, reproducible, low-cost, and comprehensive ICS testbeds with realistic details and high fidelity. We demonstrate ICSSIM by creating a testbed and validating its functionality by showing how different cyberattacks can be applied.

Keywords
Cybersecurity, Industrial Control System, Testbed, Network Emulation, Cyberattack
National Category
Engineering and Technology Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-62321 (URN)
10.1016/j.compind.2023.103906 (DOI)
000966310200001 ()
2-s2.0-85151016386 (Scopus ID)
Available from: 2023-04-24 Created: 2023-04-24 Last updated: 2023-11-06 Bibliographically approved
4. Digital Twin-based Intrusion Detection for Industrial Control Systems
2022 (English) Conference paper, Published paper (Refereed)
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-62399 (URN)
10.1109/PerComWorkshops53856.2022.9767492 (DOI)
000821801200128 ()
2-s2.0-85130615468 (Scopus ID)
9781665416474 (ISBN)
Conference
IEEE Annual Conference on Pervasive Computing and Communications Workshops (PerCom)
Available from: 2023-05-05 Created: 2023-05-05 Last updated: 2023-06-08 Bibliographically approved

Authority records

Dehlaghi-Ghadim, Alireza