查看文章

Industrial Control Systems (ICS) in public infrastructure, such as water treatment and distribution plants, have become a target of sophisticated cyber-attacks. Given the ever-present insider and other threats in such systems, there is a need to deploy mechanisms for defense and incidence response beyond the traditional. In this work we present AICrit that operates over the physical constraints and domain norms for accurate and timely detection of process anomalies. AICrit learns system-wide normal behavior using design knowledge and machine learning algorithms to recognize abnormal or irregular behavioral patterns resulting due to process anomalies. AICrit was implemented and evaluated in SWaT by launching several real-time stealthy and coordinated attacks. Experimental results attest to the effectiveness of AICrit in the timely detection of process anomalies with a low occurrence of false alarms. The …