TL;DR
This paper presents a digital twin-based intrusion detection framework for industrial control systems, utilizing a stacked ensemble classifier to detect various attack types in near real-time, enhancing security and response capabilities.
Contribution
It introduces a novel digital twin security framework with attack simulation and a stacked ensemble classifier for real-time intrusion detection in ICS.
Findings
The stacked ensemble classifier outperforms individual algorithms in accuracy and F1-Score.
The system detects and classifies intrusions within 0.1 seconds.
Four attack scenarios are successfully simulated and identified.
Abstract
Digital twins have recently gained significant interest in simulation, optimization, and predictive maintenance of Industrial Control Systems (ICS). Recent studies discuss the possibility of using digital twins for intrusion detection in industrial systems. Accordingly, this study contributes to a digital twin-based security framework for industrial control systems, extending its capabilities for simulation of attacks and defense mechanisms. Four types of process-aware attack scenarios are implemented on a standalone open-source digital twin of an industrial filling plant: command injection, network Denial of Service (DoS), calculated measurement modification, and naive measurement modification. A stacked ensemble classifier is proposed for real-time intrusion detection, based on the offline evaluation of eight supervised machine learning algorithms. The designed stacked model…
