Anomaly detection via statistical learning in industrial communication networks Online publication date: Sat, 28-Feb-2015
by Julian L. Rrushi
International Journal of Information and Computer Security (IJICS), Vol. 4, No. 4, 2011
Abstract: In this paper, we discuss a novel statistical learning algorithm that predicts normal flows of process data in a distributed control system, i.e., process data evolutions that characterise the normal behaviour of a cyber-physical system such as a power plant. The algorithm's prediction capability allows for determining whether the payload of a network packet that is about to be processed by a computer device in a distributed control system is normal or malicious. This classification is based on whether or not the process data evolution that a network packet under inspection has potential to cause is predicted as normal by the algorithm. In this paper, we also discuss a probabilistic validation of the algorithm. We construct stochastic activity networks with activity-marking oriented reward structures that model pertinent aspects of the normal operation of a cyber-physical system as a whole as perceived by the algorithm. The solution of these models via a tool such as Mbius indicates whether the algorithm's perception of normalcy is correct. We have implemented the algorithm in the MATLAB programming language, and thus in the paper we also discuss practical testing and evaluation of the effectiveness of the algorithm in a testbed that resembles a power plant.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Information and Computer Security (IJICS):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com
Our Blog 
Follow us on Twitter 
Visit us on Facebook