Digital Twin-based Intrusion Detection for Industrial Control Systems
Abstract: Digital twins for industrial control systems have gained significant interest over recent years. This attention is mainly because of the advanced capabilities offered by digital twins in the areas of simulation, optimization, and predictive maintenance. Some recent studies discuss the possibility of using digital twins for intrusion detection in industrial control systems. To this end, this thesis aims to propose a security framework for industrial control systems including its digital twin for security monitoring and a machine learning-based intrusion detection system for real-time intrusion detection. The digital twin solution used in this study is a standalone simulation of an industrial filling plant available as open-source. After thoroughly evaluating the implementation aspects of the existing knowledge-driven open-source digital twin solutions of industrial control systems, this solution is chosen. The cybersecurity analysis approach utilizes this digital twin to model and execute different realistic process-aware attack scenarios and generate a training dataset reflecting the process measurements under normal operations and attack scenarios. A total of 23 attack scenarios are modelled and executed in the digital twin and these scenarios belong to four different attack types, naming command injection, network DoS, calculated measurement injection, and naive measurement injection. Furthermore, the proposed framework also includes a machine learning-based intrusion detection system. This intrusion detection system is designed in two stages. The first stage involves an offline evaluation of the performance of eight different supervised machine learning algorithms on the labelled dataset. In the second stage, a stacked ensemble classifier model that combines the best performing supervised algorithms on different training dataset labels is modelled as the final machine learning model. This stacked ensemble model is trained offline using the labelled dataset and then used for classifying the incoming data samples from the digital twin during the live operation of the system. The results show that the designed intrusion detection system is capable of detecting and classifying intrusions in near real-time (0.1 seconds). The practicality and benefits of the proposed digital twin-based security framework are also discussed in this work.
AT THIS PAGE YOU CAN DOWNLOAD THE WHOLE ESSAY. (follow the link to the next page)