High-performance unsupervised anomaly detection for cyber-physical system networks

 
Authors: Schneider, Peter; Böttinger, Konstantin

Published in:

Lie, D. ; Association for Computing Machinery -ACM-:
CPS-SPC 2018, Workshop on Cyber-Physical Systems Security and PrivaCy. Proceedings : Toronto, Canada, October 15 - 19, 2018
New York: ACM, 2018
ISBN: 978-1-4503-5992-4
pp. 1-12
Workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC) <2018, Toronto>
Conference on Computer and Communications Security (CCS) <25, 2018, Toronto>
Bundesministerium für Bildung und Forschung BMBF
KIS4ITS0001; IUNO
English
Conference paper
Fraunhofer AISEC

Abstract
While the ever-increasing connectivity of cyber-physical systems enlarges their attack surface, existing anomaly detection frameworks often do not incorporate the rising heterogeneity of involved systems. Existing frameworks focus on a single fieldbus protocol or require more detailed knowledge of the cyber-physical system itself. Thus, we introduce a uniform method and framework for applying anomaly detection to a variety of fieldbus protocols. We use stacked denoising autoencoders to derive a feature learning and packet classification method in one step. As the approach is based on the raw byte stream of the network traffic, neither specific protocols nor detailed knowledge of the application is needed. Additionally, we pay attention to creating an efficient framework which can also handle the increased amount of communication in cyber-physical systems. Our evaluation on a Secure Water Treatment dataset using EtherNet/IP and a Modbus dataset shows that we can acquire network packets up to 100 times faster than packet-parsing-based methods. However, we still achieve precision and recall metrics for longer-lasting attacks of over 99%.

URL: http://publica.fraunhofer.de/dokumente/N-525035.html