Anomaly detection using isomorphic analysis for false data injection attacks in industrial control systems

Abstract

<p>As the Industrial Internet-of-Things (IIoT) evolves, a growing number of industrial control systems (ICSs) are connecting to the Internet, making them more vulnerable to malicious attacks. This paper addresses the detection of false data injection (FDI) attacks, a prevalent threat to open ICSs. We introduce an innovative anomaly detection technique using isomorphic analysis to safeguard ICSs against FDI attacks. Isomorphic analysis involves comparing transmitted signals with their expected values, which are derived from mathematical models or isomorphic components. For a comprehensive defense mechanism, we incorporate three specific detectors: the control signal detector, the actuating signal detector, and the sensor reading detector. Designed to detect FDI attacks across various parts of the ICS, these detectors ensure the integrity of all transmitted signals throughout the physical control system. While the control signal detector adopts a threshold method, the other two rely on statistical approaches. If an attack is detected, the detectors can correct tampered signals before they reach downstream components, enhancing the system's overall resilience and fault tolerance. The effectiveness of these detectors is supported by rigorous mathematical proofs. Moreover, our experimental findings further reveal the superiority of the isomorphic strategy over prior work in terms of detection rate, detection time delay, and system resilience.</p>