Abstract: This research addresses the challenge of anomaly detection in Industrial Control Systems (ICS), recognising the increasing importance of cyber security in these environments in the light of recent incidents and of the technical and regulatory frameworks and mechanisms that continue to be introduced. It does so by proposing a comprehensive hybrid modelling approach to anomaly detection that bridges the gap between theoretical research and practical application in real-world industrial settings. Specifically, the methodology focuses on generating a custom dataset for anomaly detection, avoiding the limitations associated with artificial datasets. This is achieved by merging expert-based formal modelling with Machine Learning (ML) modelling in a Model-Driven Engineering approach aimed at assuring the security and reliability of critical control systems in the transportation and logistics domains. This research contributes to these fields by offering a logical, traceable, and adaptable framework for anomaly detection in ICS that addresses the current challenges identified in the literature and in regulatory requirements.
Keywords: Industrial control systems, Safety, Security, Attack trees, Anomaly detection, Machine learning
1. Introduction
On December 24, 2015, a significant power outage struck large parts of the Ivano-Frankivsk Oblast, Ukraine, leaving 225,000 people without electricity for up to six hours (Lee, Assante, & Conway, 2016). Investigation revealed that the cause of this outage was the infiltration of the grid's computer and Supervisory Control and Data Acquisition (SCADA) systems, leading to the subsequent failure of crucial components when unauthorised actors performed irregular actions in the substations' control systems. This incident, and many of its kind, clearly indicates the potential effect of anomalies impacting critical Industrial Control Systems (ICS). Another example of critical infrastructure can be found in the transport and logistics sector. In particular, railways often rely on advanced Automatic Train Protection (ATP) systems to monitor the safety of traffic on the network. One of the primary ATP systems in use is the European Train Control System (ETCS). In essence, ETCS is also built on ICS, whose improper functioning could have safety and availability implications.
The previously described critical systems underscore the importance of a secure and safe design for an ICS. Such systems underline the necessity to correctly detect, report, and act upon anomalies, whether these anomalies are caused by technical events or malicious intent. Nevertheless, from a technical standpoint,...