Intrusion Detection in Industrial Control Networks

Enabling remote connectivity via the Internet has allowed industrial control systems to be developed more efficiently. This progress has, however, increased the susceptibility of industrial systems to attack, as evidenced by several cyberattacks on industrial networks. Moreover, modern industrial protocols have introduced countless vulnerabilities and attacks on industrial control systems, which underlines the importance of security mechanisms such as intrusion detection systems (IDS). Multiple techniques have been developed for intrusion detection in industrial control networks. In this research, we propose an ensemble intrusion detection system in which three different intrusion detection techniques work concurrently and generate alerts in the event of attacks. We use Snort as a signature-based tool and develop a rule set to detect signature-based attacks. A Kalman filter is used to detect attacks on ICS sensors and actuators. The third technique is an LSTM-based autoencoder, an AI-based anomaly detector, for real-time system awareness. The IDS was tested on data from a tank level-control testbed and successfully detected all the attacks launched on the testbed.
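To make the Kalman-filter component concrete, the following is an added example, not code from the paper: a scalar Kalman filter that raises an alert when a level measurement is statistically inconsistent with the commanded inflow. The tank model, noise variances, threshold, attack magnitudes and the names `detect` and `make_trace` are assumptions chosen for illustration, and the trace is constructed.

```python
# Added illustration: scalar Kalman filter residual test on a constructed tank-level trace.
# Assumed model (not from the paper): level[k] = level[k-1] + u[k] + w,  z[k] = level[k] + v
Q = 1e-5           # assumed process-noise variance (m^2)
R = 4e-4           # assumed level-sensor noise variance (m^2), sigma = 2 cm
THRESHOLD = 10.83  # chi-square quantile, 1 degree of freedom, p = 0.001


def detect(measurements, commands, x0=1.0, p0=1e-3):
    """Return sample indices whose normalized innovation squared exceeds THRESHOLD."""
    x, p, alerts = x0, p0, []
    for k, (z, u) in enumerate(zip(measurements, commands)):
        x, p = x + u, p + Q            # predict from the commanded net inflow
        r, s = z - x, p + R            # innovation and its variance
        if r * r / s > THRESHOLD:      # measurement inconsistent with the model
            alerts.append(k)
        gain = p / s                   # update
        x, p = x + gain * r, (1 - gain) * p
    return alerts


def make_trace(attack=None, n=60, onset=30):
    """Constructed data: bounded deterministic noise, optional attack from `onset`."""
    level, zs, us = 1.0, [], []
    for k in range(n):
        u = 0.01 if k < 20 else 0.0                      # commanded net inflow (m/step)
        forced = 0.08 if attack == "actuator" and k >= onset else 0.0
        level += u + forced                              # actuator attack: valve ignores command
        noise = 0.01 * ((k * 7) % 5 - 2)                 # values in [-0.02, 0.02]
        spoof = 0.5 if attack == "sensor" and k >= onset else 0.0
        zs.append(level + noise + spoof)                 # sensor attack: reported level offset
        us.append(u)
    return zs, us


if __name__ == "__main__":
    for kind in (None, "sensor", "actuator"):
        print(kind, detect(*make_trace(kind))[:3])
```

In this model a constant sensor offset is flagged at its onset and then absorbed by the filter after a number of samples, so the alert should be latched or correlated with the other detectors rather than read as a live status.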