2024 : 11 : 21
Payam Mahmoudi-nasr

Payam Mahmoudi-nasr

Academic rank: Associate Professor
ORCID: 0000-0003-1421-3712
Education: PhD.
ScopusId: 56483175500
HIndex: 0/00
Faculty: Faculty of Technology and Engineering
Address: Associate Professor of Computer Engineering at University of Mazandaran
Phone: 011-35305109

Research

Title
A real-time network based anomaly detection in industrial control systems
Type
JournalPaper
Keywords
Anomaly detection, Auto encoder, Manipulation attack, SCADA
Year
2024
Journal International Journal of Critical Infrastructure Protection
DOI
Researchers Faeze Zare ، Payam Mahmoudi-nasr ، Rohollah Yousefpour

Abstract

Data manipulation attacks targeting network traffc of SCADA systems may compromise the reliability of an Industrial Control system (ICS). This can mislead the control center about the real-time operating conditions of the ICS and can alter commands sent to the feld equipment. Deep Learning techniques appear as a suitable solution for detecting such complicated attacks. This paper proposes a Network based Anomaly Detection System (NADS) to detect data manipulation attacks with a focus on Modbus/TCP-based SCADA systems. The proposed NADS is a sequence to sequence auto encoder which uses the long short term memory units with embedding layer, teacher forcing technique and attention mechanism. The model has been trained and tested using the SWaT dataset, which corresponds to a scaled-down water treatment plant. The model detected 23 of 36 attacks and outperformed two other existing NADS with an improvement of 0.22 for simple attacks and obtained a recall value of 0.86 on attack 36 compared to the other NADS which obtained 0.74.