Process-aware ML based Intrusion Detection for Industrial Control Systems

Industrial Control Systems (ICS) are vital components of many infrastructures and directly impact the real world. Protecting these systems from attacks is essential, especially in the current context with an increasing number of attacks on industrial systems. This thesis proposes implementing an Intrusion Detection System (IDS) based on simple but robust approaches allowing it to adapt easily and not be domain specific. Our approach is based on the Secure Water Treatment (SWaT) testbed created by iTrust, Centre for Research in Cyber Security, Singapore University of Technology and Design. Our approach required a rigorous analysis of the data collected by the SWaT simulation in order to correct inconsistencies and generalize our models. We implemented five anomaly detection models, which occur on different types of data. They result in a combination, creating a multi-model approach to deciding whether an event must be triggered. Our models give us results showing the reliability of our robust statistical approach.