Publikation
Intrusion Detection in Binary Process Data: Introducing the Hamming-distance to Matrix Profiles
Simon Duque Antón; Hans Dieter Schotten
In: Proceedings of the 6th IEEE International workshop on Communication, Computing, and Networking in Cyber Physical Systems. IEEE International Workshop on Communication, Computing, and Networking in Cyber Physical Systems (CCNCPS-2020), IEEE Press, 2020.
Zusammenfassung
The digitisation of industry provides a plethora of novel applications and use cases to increase flexibility and reduce time and cost efforts. Commonly known as Industry 4.0 or the Industrial Internet of Things, applications make use of communication and computation technology that is becoming available. This enables novel business use cases, such as the digital twin, customer individual production, and data market places. However, the inter-connectivity such use cases rely on also significantly increases the attack surface of industrial enterprises. Sabotage and espionage are aimed at data, which is becoming the most crucial asset of an enterprise. Since the requirements on security solutions in industrial networks are inherently different from office networks, novel approaches for intrusion detection need to be developed. In this work, process data of a real water treatment process that contains attacks is analysed. Analysis is performed by an extension of Matrix Profiles, a motif discovery algorithm for time series. By extending Matrix Profiles with a Hamming-distance metric, binary and tertiary actuators can be integrated into the analysis in a meaningful fashion. This algorithm requires low training effort while providing accurate results. Furthermore, it can be employed in a real-time fashion. Selected actuators in the data set are analysed to highlight the applicability of the extended Matrix Profiles.