Intrusion Detection Techniques for Industrial Control Systems

Yang An; Sun Limin; Wang Xiaoshan; Shi Zhiqiang

doi:10.7544/issn1000-1239.2016.20150465

Journal of Computer Research and Development > 2016 > 53(9): 2039-2054. > DOI: 10.7544/issn1000-1239.2016.20150465 CSTR: 32373.14.issn1000-1239.2016.20150465

Yang An, Sun Limin, Wang Xiaoshan, Shi Zhiqiang. Intrusion Detection Techniques for Industrial Control Systems[J]. Journal of Computer Research and Development, 2016, 53(9): 2039-2054. DOI: 10.7544/issn1000-1239.2016.20150465

Citation:

PDF (3056 KB)

Intrusion Detection Techniques for Industrial Control Systems

¹(Key Laboratory of IOT Information Security Technology(Institute of Information Engineering,Chinese Academy of Sciences), Beijing 100093)
²(University of Chinese Academy of Sciences, Beijing 100049)

More Information

Published Date: August 31, 2016

Graphical Abstract

Abstract

Abstract

In recent decades, with the introduction of Ethernet and the more close connection with external network, an increasingly larger number of vulnerabilities have been found in the industrial control system (ICS), exposing its serious security problem. These security issues cannot be handled completely due to the variety of the vulnerability. Therefore, we must construct the defense-in-depth system for ICS. In particular, the intrusion detection system (IDS) is one of the most important parts in the defense-in-depth system of ICS. The IDS is able to discover the potential intrusion by misuse detection and anomaly detection. In this survey, we analyze the architecture and characteristics of ICS and provide the detailed descriptions of the security concept of ICS. Then, according to the characteristics of ICS, we put forward a clear requirement of ICS IDS and elaborate its connotation. Moreover, we categorize the existing IDS methods based on the detection strategy, including traffic detection, protocol detection and equipment state detection. In each category, we analyze the detection technique and discuss the detection algorithm. Finally, for future work, from the perspective of the disadvantages of current solutions and the constraints for ICS applications, we summarize some research trends of ICS IDS from the aspects of performance metric, detection technique and detection architecture.
- industrial control system (ICS),
- intrusion detection system (IDS),
- traffic detection,
- protocol detection,
- equipment state detection

FullText(HTML)

References (0)

[1]	Ren Jiadong, Zhang Yafei, Zhang Bing, Li Shangyang. Classification Method of Industrial Internet Intrusion Detection Based on Feature Selection[J]. Journal of Computer Research and Development, 2022, 59(5): 1148-1159. DOI: 10.7544/issn1000-1239.20211152
[2]	Liu Qixu, Chen Yanhui, Ni Jieshuo, Luo Cheng, Liu Caiyun, Cao Yaqin, Tan Ru, Feng Yun, Zhang Yue. Survey on Machine Learning-Based Anomaly Detection for Industrial Internet[J]. Journal of Computer Research and Development, 2022, 59(5): 994-1014. DOI: 10.7544/issn1000-1239.20211147
[3]	Yin Shenglin, Zhang Xinglan, Zuo Liyu. Intrusion Detection System for Dual Route Deep Capsule Network[J]. Journal of Computer Research and Development, 2022, 59(2): 418-429. DOI: 10.7544/issn1000-1239.20200825
[4]	Xu Lijuan, Wang Bailing, Yang Meihong, Zhao Dawei, Han Jideng. Multi-Mode Attack Detection and Evaluation of Abnormal States for Industrial Control Network[J]. Journal of Computer Research and Development, 2021, 58(11): 2333-2349. DOI: 10.7544/issn1000-1239.2021.20210598
[5]	Shi Leyi, Zhu Hongqiang, Liu Yihao, Liu Jia. Intrusion Detection of Industrial Control System Based on Correlation Information Entropy and CNN-BiLSTM[J]. Journal of Computer Research and Development, 2019, 56(11): 2330-2338. DOI: 10.7544/issn1000-1239.2019.20190376
[6]	Ren Jiadong, Liu Xinqian, Wang Qian, He Haitao, Zhao Xiaolin. An Multi-Level Intrusion Detection Method Based on KNN Outlier Detection and Random Forests[J]. Journal of Computer Research and Development, 2019, 56(3): 566-575. DOI: 10.7544/issn1000-1239.2019.20180063
[7]	Yang An, Hu Yan, Zhou Liang, Zheng Weimin, Shi Zhiqiang, Sun Limin. An Industrial Control System Anomaly Detection Algorithm Fusion by Information Flow and State Flow[J]. Journal of Computer Research and Development, 2018, 55(11): 2532-2542. DOI: 10.7544/issn1000-1239.2018.20170671
[8]	Gu Yu, Xu Zongben, Sun Jian, Zheng Jinhui. An Intrusion Detection Ensemble System Based on the Features Extracted by PCA and ICA[J]. Journal of Computer Research and Development, 2006, 43(4): 633-638.
[9]	Wang Jin, Li Dequan, and Feng Dengguo. An Automatically Optimized Distributed Intrusion Detection System Using Mobile Agent[J]. Journal of Computer Research and Development, 2006, 43(1): 9-14.
[10]	Wang Jin, Li Dequan, and Feng Dengguo. An Autonomous Agent-Based Adaptive Distributed Intrusion Detection System[J]. Journal of Computer Research and Development, 2005, 42(11): 1934-1939.