Case Study: Architecting a Solution to Detect Industrial Control System Attacks
Daniel A. Yeager, Laurian C. Vega, 6 authors, Michael Zaron
TLDR
This research is a novel approach to early detection of ICS threat activity with visualizations to deliver prompt incident response and provides a novel, scalable analytic capability that passively collects physical sensor and network layer data and then visualizes the output of data models with detected anomalies.
Abstract
This case study presents an anomaly detection solution to prove the power of machine learning algorithms to identify anomalies, such as cyber intrusions, within the domain of Industrial Control Systems (ICS). Industrial Control Systems have extended lifecycles and employ few, if any, security mechanisms. The research objective is to provide a novel, scalable analytic capability that passively collects physical sensor and network layer data and then visualizes the output of data models with detected anomalies. Additionally, the capability is deployable and customizable for the intricacies of ICS environments with the objective of early identification of attacks such as scanning, network mapping, targeting, and other processes. This research is a novel approach to early detection of ICS threat activity with visualizations to deliver prompt incident response.
