A Study on Anomaly Detection Model Management Methods for Industrial Control System (ICS)

Abstract

Cyber attacks against industrial control systems (ICS) are increasing, and in particular, physical damage caused by the tampering with control commands and sensor data contained in control traffic is a social threat. Since the normal range of data contained in control commands varies by environment, anomaly detection using a self-coder such as Auto Encoder has attracted attention. However, the communication data in an ICS environment contains a huge amount of control packet, and the monitoring target includes the parameters of control commands included in the payload, making it difficult to detect anomalous data in the training data. It is not realistic for system operators to check each packet in the training data one by one to eliminate anomalous data. In this paper, we propose a method to efficiently eliminate anomalous communication data in the training data by semi-supervised learning by feature vectorization of control communication packets using BERT, and confirmed its effectiveness through experiments.