You are required to read and agree to the below before accessing a full-text version of an article in the IDE article repository.

The full-text document you are about to access is subject to national and international copyright laws. In most cases (but not necessarily all) the consequence is that personal use is allowed given that the copyright owner is duly acknowledged and respected. All other use (typically) require an explicit permission (often in writing) by the copyright owner.

For the reports in this repository we specifically note that

  • the use of articles under IEEE copyright is governed by the IEEE copyright policy (available at http://www.ieee.org/web/publications/rights/copyrightpolicy.html)
  • the use of articles under ACM copyright is governed by the ACM copyright policy (available at http://www.acm.org/pubs/copyright_policy/)
  • technical reports and other articles issued by M‰lardalen University is free for personal use. For other use, the explicit consent of the authors is required
  • in other cases, please contact the copyright owner for detailed information

By accepting I agree to acknowledge and respect the rights of the copyright owner of the document I am about to access.

If you are in doubt, feel free to contact webmaster@ide.mdh.se

Digital Twin-based Intrusion Detection for Industrial Control Systems

Authors:

Seba Anna Varghese , Alireza Dehlaghi Ghadim, Ali Balador, Zahra Alimadadi , Panos Papadimitratos

Publication Type:

Conference/Workshop Paper

Venue:

2022 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events

Abstract

Digital twins have recently gained significant interest in simulation, optimization, and predictive maintenance of Industrial Control Systems (ICS). Recent studies discuss the possibility of using digital twins for intrusion detection in industrial systems. Accordingly, this study contributes to a digital twin-based security framework for industrial control systems, extending its capabilities for simulation of attacks and defense mechanisms. Four types of process-aware attack scenarios are implemented on a standalone open-source digital twin of an industrial filling plant: command injection, network Denial of Service (DoS), calculated measurement modification, and naive measurement modification. %Moreover, eight supervised machine learning algorithms are evaluated for offlinehttps://www.overleaf.com/project/60e57f4f83f2924ebe69a3c0 intrusion detection. At the next step, a real-time stacked ensemble classifier is proposed based on first step results. A stacked ensemble classifier is proposed as the real-time intrusion detection, based on the offline evaluation of eight supervised machine learning algorithms. %% The next sentences need revision The designed stacked model outperforms previous methods in terms of F1-Score and accuracy, by combining the predictions of various algorithms, while it can detect and classify intrusions in near real-time (0.1 seconds). This study also discusses the practicality and benefits of the proposed digital twin-based security framework.

Bibtex

@inproceedings{Varghese6665,
author = {Seba Anna Varghese and Alireza Dehlaghi Ghadim and Ali Balador and Zahra Alimadadi and Panos Papadimitratos},
title = {Digital Twin-based Intrusion Detection for Industrial Control Systems},
month = {May},
year = {2022},
booktitle = {2022 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events},
url = {http://www.es.mdu.se/publications/6665-}
}