Standard

TABOR : A Graphical Model-based Approach for Anomaly Detection in Industrial Control Systems. / Lin, Qin; Adepu, Sridha; Verwer, Sicco; Mathur, Aditya.

ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. New York : Association for Computing Machinery (ACM), 2018. p. 525-536.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

Harvard

Lin, Q, Adepu, S, Verwer, S & Mathur, A 2018, TABOR: A Graphical Model-based Approach for Anomaly Detection in Industrial Control Systems. in ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery (ACM), New York, pp. 525-536, 13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018, Incheon, Korea, Republic of, 4/06/18. https://doi.org/10.1145/3196494.3196546

APA

Lin, Q., Adepu, S., Verwer, S., & Mathur, A. (2018). TABOR: A Graphical Model-based Approach for Anomaly Detection in Industrial Control Systems. In ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security (pp. 525-536). New York: Association for Computing Machinery (ACM). https://doi.org/10.1145/3196494.3196546

Vancouver

Lin Q, Adepu S, Verwer S, Mathur A. TABOR: A Graphical Model-based Approach for Anomaly Detection in Industrial Control Systems. In ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. New York: Association for Computing Machinery (ACM). 2018. p. 525-536 https://doi.org/10.1145/3196494.3196546

Author

Lin, Qin ; Adepu, Sridha ; Verwer, Sicco ; Mathur, Aditya. / TABOR : A Graphical Model-based Approach for Anomaly Detection in Industrial Control Systems. ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. New York : Association for Computing Machinery (ACM), 2018. pp. 525-536

BibTeX

@inproceedings{1b8dd99c4bb24e469fdccfcb2c7aa4f3,
title = "TABOR: A Graphical Model-based Approach for Anomaly Detection in Industrial Control Systems",
abstract = "Industrial Control Systems (ICS) such as water and power are critical to any society. Process anomaly detection mechanisms have been proposed to protect such systems to minimize the risk of damage or loss of resources. In this paper, a graphical model-based approach is proposed for profiling normal operational behavior of an operational ICS referred to as SWaT (Secure Water Treatment). Timed automata are learned as a model of regular behaviors shown in sensors signal like fluctuations of water level in tanks. Bayesian networks are learned to discover dependencies between sensors and actuators. The models are used as a one-class classifier for process anomaly detection, recognizing irregular behavioral patterns and dependencies. The detection results can be interpreted and the abnormal sensors or actuators localized due to the interpretability of the graphical models. This approach is applied to a dataset collected from SWaT. Experimental results demonstrate the model's superior performance on both precision and run-time over methods including support vector machine and deep neural networks. The underlying idea is generic and applicable to other industrial control systems such as power and transportation.",
keywords = "Anomaly detection, Bayesian network, Cyber-physical system, Industrial control systems, SCADA security, Timed automata",
author = "Qin Lin and Sridha Adepu and Sicco Verwer and Aditya Mathur",
year = "2018",
doi = "10.1145/3196494.3196546",
language = "English",
isbn = "978-1-4503-5576-6",
pages = "525--536",
booktitle = "ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security",
publisher = "Association for Computing Machinery (ACM)",
address = "United States",

}

RIS

TY - GEN

T1 - TABOR

T2 - A Graphical Model-based Approach for Anomaly Detection in Industrial Control Systems

AU - Lin, Qin

AU - Adepu, Sridha

AU - Verwer, Sicco

AU - Mathur, Aditya

PY - 2018

Y1 - 2018

N2 - Industrial Control Systems (ICS) such as water and power are critical to any society. Process anomaly detection mechanisms have been proposed to protect such systems to minimize the risk of damage or loss of resources. In this paper, a graphical model-based approach is proposed for profiling normal operational behavior of an operational ICS referred to as SWaT (Secure Water Treatment). Timed automata are learned as a model of regular behaviors shown in sensors signal like fluctuations of water level in tanks. Bayesian networks are learned to discover dependencies between sensors and actuators. The models are used as a one-class classifier for process anomaly detection, recognizing irregular behavioral patterns and dependencies. The detection results can be interpreted and the abnormal sensors or actuators localized due to the interpretability of the graphical models. This approach is applied to a dataset collected from SWaT. Experimental results demonstrate the model's superior performance on both precision and run-time over methods including support vector machine and deep neural networks. The underlying idea is generic and applicable to other industrial control systems such as power and transportation.

AB - Industrial Control Systems (ICS) such as water and power are critical to any society. Process anomaly detection mechanisms have been proposed to protect such systems to minimize the risk of damage or loss of resources. In this paper, a graphical model-based approach is proposed for profiling normal operational behavior of an operational ICS referred to as SWaT (Secure Water Treatment). Timed automata are learned as a model of regular behaviors shown in sensors signal like fluctuations of water level in tanks. Bayesian networks are learned to discover dependencies between sensors and actuators. The models are used as a one-class classifier for process anomaly detection, recognizing irregular behavioral patterns and dependencies. The detection results can be interpreted and the abnormal sensors or actuators localized due to the interpretability of the graphical models. This approach is applied to a dataset collected from SWaT. Experimental results demonstrate the model's superior performance on both precision and run-time over methods including support vector machine and deep neural networks. The underlying idea is generic and applicable to other industrial control systems such as power and transportation.

KW - Anomaly detection

KW - Bayesian network

KW - Cyber-physical system

KW - Industrial control systems

KW - SCADA security

KW - Timed automata

UR - http://www.scopus.com/inward/record.url?scp=85049167693&partnerID=8YFLogxK

U2 - 10.1145/3196494.3196546

DO - 10.1145/3196494.3196546

M3 - Conference contribution

SN - 978-1-4503-5576-6

SP - 525

EP - 536

BT - ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security

PB - Association for Computing Machinery (ACM)

CY - New York

ER -

ID: 47722115