Abstract
This paper presents the estimation-inspection algorithm, a statistical algorithm for anomaly detection in process control networks. The algorithm determines if the payload of a network packet that is about to be processed by a control system is normal or abnormal based on the effect that the packet will have on a variable stored in control system memory. The estimation part of the algorithm uses logistic regression integrated with maximum likelihood estimation in an inductive machine learning process to estimate a series of statistical parameters; these parameters are used in conjunction with logistic regression formulas to form a probability mass function for each variable stored in control system memory. The inspection part of the algorithm uses the probability mass functions to estimate the normalcy probability of a specific value that a network packet writes to a variable. Experimental results demonstrate that the algorithm is very effective at detecting anomalies in process control networks. © IFIP International Federation for Information Processing 2009.
Cite
Rrushi, J., & Kang, K. D. (2009). Detecting anomalies in process control networks. In IFIP Advances in Information and Communication Technology (Vol. 311, pp. 151–165). https://doi.org/10.1007/978-3-642-04798-5_11