Intrusion Detection and Identification Using Tree-Based Machine Learning Algorithms on DCS Network in the Oil Refinery
- Authors
- Kim, Kyoung Ho; Kwak, Byung Il; Han, Mee Lan; Kim, Huy Kang
- Issue Date
- Nov-2022
- Publisher
- IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
- Keywords
- Integrated circuits; Security; Servers; Protocols; Sensor systems; Workstations; Process control; Industrial control system; distributed control system; intrusion detection; attack identification
- Citation
- IEEE TRANSACTIONS ON POWER SYSTEMS, v.37, no.6, pp 4673 - 4682
- Pages
- 10
- Indexed
- SCIE; SCOPUS
- Journal Title
- IEEE TRANSACTIONS ON POWER SYSTEMS
- Volume
- 37
- Number
- 6
- Start Page
- 4673
- End Page
- 4682
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/190622
- DOI
- 10.1109/TPWRS.2022.3150084
- ISSN
- 0885-8950; 1558-0679
- Abstract
- Recently, Critical Infrastructures (CI) such as energy, power, transportation, and communication have come to be increasingly dependent on advanced information and communication technology (ICT). This change has increased the connection between the Industrial Control System (ICS) supporting the CI and the Internet, resulting in an increase in security threats and allowing a malicious attacker to manipulate and control the ICS arbitrarily. On the other hand, ICS operators are reluctant to install security systems for fear of adverse effects on normal operations due to system changes. Therefore, new research is needed to detect anomalies quickly and identify attack types while ensuring the high availability of ICS. This study proposes a host-based method to detect and identify abnormalities in an Oil Refinery's Distributed Control System (DCS) network using DCS vendor-proprietary protocols using a proposed method based on the tree-based machine learning algorithm. The results demonstrate that the proposed method can effectively detect an abnormality with the eXtreme Gradient Boosting (XGB) classifier, with up to 99% accuracy. Taken together, the results of this study contribute to the accurate detection of abnormal events and identification of attack types on the network without disrupting the normal operation of the DCS in the Oil Refinery.
- Appears in Collections
- School of Cyber Security > Department of Information Security > 1. Journal Articles
- Graduate School > Department of Cyber Security > 1. Journal Articles