TY - JOUR
T1 - Detecting Semantic Attack in SCADA System
T2 - A Behavioral Model Based on Secondary Labeling of States-Duration Evolution Graph
AU - Xu, Lijuan
AU - Wang, Bailing
AU - Wu, Xiaoming
AU - Zhao, Dawei
AU - Zhang, Lei
AU - Wang, Zhen
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2022
Y1 - 2022
N2 - By violating semantic constraints that the control process impose, the semantic attack leads the Industry Control Systems (ICS) into an undesirable state or critical state. The spread of semantic attack has caused huge economic losses and casualties to critical infrastructure. Therefore, detecting semantic attack is referred to an urgent and critical task. However, few existing detecting techniques can achieve satisfactory effects in detecting semantic attack of ICS, due to the high requirements of complete critical state-based semantic behavior features description, joint detection on multivariate type state variables, and validity of field states datasets under semantic attacks. In an effort to deal with above challenges, We label device states databases with temporal characteristics and divide impacts on states of field devices under semantic attacks into three categories, including absent in states set, confused sequences, irregular frequency. On this basis, we establish a behavioral model based on secondary labeling of states-duration evolution graph (BMSLS), then implement an adaptive secure state-based semantic attack detection framework furtherly. Compared with the traditional Auto Regression (AR) algorithm, the newer time series correlation graph model, and other five deep learning algorithms, our proposed framework demonstrates the superior effect on the detection of semantic attack.
AB - By violating semantic constraints that the control process impose, the semantic attack leads the Industry Control Systems (ICS) into an undesirable state or critical state. The spread of semantic attack has caused huge economic losses and casualties to critical infrastructure. Therefore, detecting semantic attack is referred to an urgent and critical task. However, few existing detecting techniques can achieve satisfactory effects in detecting semantic attack of ICS, due to the high requirements of complete critical state-based semantic behavior features description, joint detection on multivariate type state variables, and validity of field states datasets under semantic attacks. In an effort to deal with above challenges, We label device states databases with temporal characteristics and divide impacts on states of field devices under semantic attacks into three categories, including absent in states set, confused sequences, irregular frequency. On this basis, we establish a behavioral model based on secondary labeling of states-duration evolution graph (BMSLS), then implement an adaptive secure state-based semantic attack detection framework furtherly. Compared with the traditional Auto Regression (AR) algorithm, the newer time series correlation graph model, and other five deep learning algorithms, our proposed framework demonstrates the superior effect on the detection of semantic attack.
KW - Critical state
KW - Semantic attack
KW - State-based duration evolation graph
KW - Supervisory control and data acquisition (SCADA)
UR - http://www.scopus.com/inward/record.url?scp=85120549064&partnerID=8YFLogxK
U2 - 10.1109/TNSE.2021.3130602
DO - 10.1109/TNSE.2021.3130602
M3 - 文章
AN - SCOPUS:85120549064
SN - 2327-4697
VL - 9
SP - 703
EP - 715
JO - IEEE Transactions on Network Science and Engineering
JF - IEEE Transactions on Network Science and Engineering
IS - 2
ER -