TY - JOUR
T1 - Attack Detection and Location Using State Forecasting in Multivariate Time Series of ICS
AU - Cao, Guoyan
AU - Wu, Yue
AU - Yu, Dengxiu
AU - Wang, Zhen
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2025
Y1 - 2025
N2 - ICS (industrial control systems) security researches have paid a great effort on anomaly detection base on the analyzes of communication protocols, network dataflow, sensor time series. However, few research have been done to recognize cyber attacks as well as the localization, which make active security control impossible. Actually, to recognize cyber attacks is crucial for ICS security control. In this paper, we proposed a novel multivariate time series attack detection and location framework based on adaptive state space formulation and forecasting. To dynamically describe systems' state transition characteristics, a graph structure learning scheme was designed based on Attention mechanism. Furthermore, to achieve state forecasting of systems, an improved Kalman filter with Transformer mechanism was proposed. Experiments on datasets from real industrial scenario demonstrated the effectiveness, and proved that the proposed method achieved higher location accuracy than the state-of-the-art methods.
AB - ICS (industrial control systems) security researches have paid a great effort on anomaly detection base on the analyzes of communication protocols, network dataflow, sensor time series. However, few research have been done to recognize cyber attacks as well as the localization, which make active security control impossible. Actually, to recognize cyber attacks is crucial for ICS security control. In this paper, we proposed a novel multivariate time series attack detection and location framework based on adaptive state space formulation and forecasting. To dynamically describe systems' state transition characteristics, a graph structure learning scheme was designed based on Attention mechanism. Furthermore, to achieve state forecasting of systems, an improved Kalman filter with Transformer mechanism was proposed. Experiments on datasets from real industrial scenario demonstrated the effectiveness, and proved that the proposed method achieved higher location accuracy than the state-of-the-art methods.
KW - attack detection and location
KW - graph structure learning
KW - Multivariate time series
KW - state forecast
KW - state space model
UR - http://www.scopus.com/inward/record.url?scp=105002010452&partnerID=8YFLogxK
U2 - 10.1109/TNSE.2025.3555764
DO - 10.1109/TNSE.2025.3555764
M3 - 文章
AN - SCOPUS:105002010452
SN - 2327-4697
JO - IEEE Transactions on Network Science and Engineering
JF - IEEE Transactions on Network Science and Engineering
ER -