Publication Date
12-2019
Date of Final Oral Examination (Defense)
10-22-2019
Type of Culminating Activity
Thesis
Degree Title
Master of Science in Computer Science
Department
Computer Science
Supervisory Committee Chair
Hoda Mehrpouyan, Ph.D.
Supervisory Committee Member
Casey Kennington, Ph.D.
Supervisory Committee Member
Cathie Olschanowsky, Ph.D.
Supervisory Committee Member
Stephen Reese, PE
Abstract
Industrial Control Systems (ICS) are used to control physical processes in the nation's critical infrastructures. They are composed of subsystems that control physical processes by analyzing the information received from the sensors. Based on the state of the process, the controller issues control commands to the actuators. These systems are used in a wide variety of operations, such as water treatment plants, power, and manufacturing. While the safety and security of these systems are of high concern, recent reports have shown an increase in targeted attacks aimed at manipulating the physical processes to cause catastrophic consequences. This emphasizes the need for algorithms and tools that provide resilient and smart attack detection, as well as risk analysis mechanisms to protect the ICS.
To address this need for resiliency, this thesis designs and develops an anomaly detection and risk analysis framework for ICS. The proposed anomaly detection methodology utilizes dilated convolution and Long Short-Term Memory (LSTM) layers to learn temporal as well as long-term dependencies from sensor/actuator data in ICS. This data is passed through a unique feature engineering pipeline in which wavelet transformation is applied to the sensor signals to extract additional features. Additionally, this thesis explores four different variations of supervised deep learning models, as well as an unsupervised one-class Support Vector Machine (SVM) model for this problem. Furthermore, an empirical analysis of a single monolithic model for all sensors/actuators in ICS versus distributed models for each segmented process is carried out.
The proposed methodology is validated using normal and attack sensor/actuator data from a miniature water treatment plant known as the Secure Water Treatment (SWaT) testbed. The results of our experiments show improvement over existing state-of-the-art anomaly detection algorithms, with higher performance than the baselines set previously. In addition, this thesis provides evidence that monolithic models trained on entire processes in ICS perform better than the distributed models due to their ability to learn global relationships within the data. Along with an anomaly detection methodology, this thesis also presents a Colored Petri Net (PN) model for simulating the physical processes based on control code, and for modeling risks within the system.
DOI
10.18122/td/1638/boisestate
Recommended Citation
Sapkota, Subin, "FALCON: Framework for Anomaly Detection In Industrial Control Systems" (2019). Boise State University Theses and Dissertations. 1638. 10.18122/td/1638/boisestate