Defense-in-Depth and Machine Learning-based Intrusion Detection for Industrial Control Systems
Authors: Paulo Oliveira, Altair Santin, Pedro Horchulhack, Eduardo Viegas, Aldri Santos
Abstract
Developing and enhancing defense-in-depth (DiD) security mechanisms for industrial control systems (ICS) is one of the recommended techniques for protecting supervisory control and data acquisition (SCADA) systems. However, if the DiD approach itself has a vulnerability, an attacker may be able to gain control over the security mechanisms. This paper presents an improved implementation of DiD using a service function chain (SFC). Through machine learning, SFC flows are used to classify traffic and route it dynamically through the DiD layers. The proposal rests on the premise that an attacker cannot control at least one security mechanism in each DiD layer, because the SFC routing flows are inaccessible to the attacker and because diversity is adopted in the choice of security mechanisms. The DiD layers use a Network Intrusion Detection System (NIDS) and Deep Packet Inspection (DPI) as security mechanisms. The Security Monitoring System (SMS), a machine learning-based anomaly detection system, validates the NIDS and DPI classifications. As a result, the SMS outperforms the security tools available in the literature, being 28.6% more reliable in classifying traffic.
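The control loop the abstract describes, as an added Python illustration that is not the paper's or SecPLab's code: a per-flow SFC is built so that each DiD layer is covered by a different mechanism, and the SMS cross-checks the NIDS and DPI verdicts against an anomaly view, escalating flows where they disagree. The mechanism names, the alternating-implementation diversity rule, the bytes-per-packet z-score used as the SMS anomaly test, and the sample flows are all assumptions constructed for this example.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Assumed: two diverse implementations per DiD layer (names are placeholders).
LAYERS = {"nids": ["nids-A", "nids-B"], "dpi": ["dpi-A", "dpi-B"]}

@dataclass
class Flow:
    flow_id: int
    bytes_per_pkt: float
    nids_verdict: str  # "benign" or "malicious" from the signature NIDS
    dpi_verdict: str   # same, from the DPI engine

def build_chain(flow_id: int) -> list:
    """One mechanism per layer, alternating implementations between flows
    (assumed diversity rule; the abstract states only the principle)."""
    return [opts[flow_id % len(opts)] for opts in LAYERS.values()]

class SMS:
    """Anomaly-based validator: z-score of bytes/packet vs. a benign baseline."""
    def __init__(self, baseline, z_limit=3.0):
        self.mu, self.sigma, self.z_limit = mean(baseline), pstdev(baseline), z_limit

    def is_anomalous(self, flow):
        if self.sigma == 0:  # degenerate baseline: any deviation is anomalous
            return flow.bytes_per_pkt != self.mu
        return abs(flow.bytes_per_pkt - self.mu) / self.sigma > self.z_limit

    def validate(self, flow):
        """Cross-check signature verdicts against the anomaly view; return the
        routing decision applied to the flow's service function chain."""
        sig_bad = "malicious" in (flow.nids_verdict, flow.dpi_verdict)
        anomalous = self.is_anomalous(flow)
        if sig_bad and anomalous:
            return "block"     # both views agree on malicious
        if sig_bad != anomalous:
            return "escalate"  # disagreement: send through the full chain for review
        return "forward"       # both views agree on benign

# Constructed sample data: benign bytes/packet baseline and three flows.
BASELINE = [60.0, 62.0, 58.0, 61.0, 59.0, 60.0, 63.0, 57.0]
FLOWS = [
    Flow(1, 60.5, "benign", "benign"),       # within baseline, no signature hit
    Flow(2, 1400.0, "benign", "benign"),     # signature tools silent, SMS flags it
    Flow(3, 1380.0, "malicious", "benign"),  # NIDS hit confirmed by the anomaly view
]

def run(flows=FLOWS, baseline=BASELINE):
    sms = SMS(baseline)
    return [(f.flow_id, build_chain(f.flow_id), sms.validate(f)) for f in flows]
```

Calling `run()` returns one `(flow_id, chain, decision)` tuple per flow; the second flow shows the case the abstract motivates, where the anomaly-based SMS catches traffic the signature tools passed.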
Dataset Download
Dataset: flowbag.zip (Download)
© 2019 SecPLab Team.