A Standardized ICS Network Data Processing Flow with Generative Model in Anomaly Detection

Abstract

Industrial control systems (ICS) now usually connect to Wireless Sensor Networks and the Internet, exposing them to security threats resulting from cyber-attacks. However, detecting such attacks is non-trivial task. The high-dimensional network data pose significant challenges on security anomaly detection. In this work, we propose a network flow data processing method, which can make the complex network data more standardized and unified to assist security anomaly detection. Then, data generation method is applied to collect enough training data. We also propose a evaluation method for generated data. Finally, the bidirectional recurrent neural networks with attention mechanism is proposed to extract the latent feature, and give an explainable results in identifying the dominant attributes. Empirical results show our method outperforms the state-of-the-art models.