Publication Date

12-2019

Date of Final Oral Examination (Defense)

10-22-2019

Type of Culminating Activity

Thesis

Degree Title

Master of Science in Computer Science

Department

Computer Science

Supervisory Committee Chair

Hoda Mehrpouyan, Ph.D.

Supervisory Committee Member

Casey Kennington, Ph.D.

Supervisory Committee Member

Cathie Olschanowsky, Ph.D.

Supervisory Committee Member

Stephen Reese, PE

Abstract

Industrial Control Systems (ICS) are used to control physical processes in the nation's critical infrastructures. They are composed of subsystems that control physical processes by analyzing the information received from the sensors. Based on the state of the process, the controller issues control commands to the actuators. These systems are utilized in a wide variety of operations such as water treatment plants, power, and manufacturing, etc. While the safety and security of these systems are of high concern, recent reports have shown an increase in targeted attacks that are aimed at manipulating the physical processes to cause catastrophic consequences. This emphasizes the need for algorithms and tools that provide resilient and smart attack detection, as well as risk analysis mechanisms to protect the ICS.

To address this need for resiliency, this thesis designs and develops an anomaly detection and risk analysis framework for ICS. The proposed anomaly detection methodology utilizes dilated Convolution and Long-Short Term Memory (LSTM) layers to learn temporal as well as long term dependencies from sensors/actuators data in ICS. This data is passed through a unique feature engineering pipeline where wavelet transformation is utilized on the sensor signals to extract additional features. Additionally, this thesis explores four different variations of supervised deep learning models, as well as an unsupervised one class Support Vector Machine (SVM) model for this problem. Furthermore, an empirical analysis of a single monolithic model for all sensors/actuators in ICS vs distributed models for each segmented process is carried out.

The proposed methodology is validated utilizing sensors/actuators normal and attack data from a miniature water treatment plant known as Secure Water Treatment (SWaT) testbed. The results of our experiments show improvement over existing state-of-the-art anomaly detection algorithms with higher performance than the baselines set previously. In addition, this thesis provides evidence on monolithic models trained on entire processes in ICS performing better than the distributed models due to their ability to learn global relationships within the data. Along with an anomaly detection methodology, this thesis also presents a Colored Petri Net (PN) model for simulating the physical processes based on control code, and modeling risks within the system.

DOI

10.18122/td/1638/boisestate

Share

COinS