Towards Low-Barrier Cybersecurity Research and Education for Industrial Control Systems
Colman McGuan, Chansu Yu, Qin Lin

TL;DR
This paper presents a low-cost, high-fidelity ICS testbed framework that automates cyberattack simulation, data collection, and machine learning-based intrusion detection, facilitating research and education in ICS cybersecurity.
Contribution
It introduces an integrated framework based on 3D simulators for ICS cybersecurity research and education, including a novel intrusion detection model and open-sourced tools.
Findings
MinTWin SVM reduces false positives in intrusion detection
Framework effectively simulates cyberattacks and collects data
Educational use enhances student understanding of ICS cybersecurity
Abstract
The protection of Industrial Control Systems (ICS) that are employed in public critical infrastructures is of utmost importance due to the catastrophic physical damage cyberattacks may cause. The research community requires testbeds for validating and comparing various intrusion detection algorithms to protect ICS. However, there exist high barriers to entry for research and education in the ICS cybersecurity domain due to expensive hardware, software, and the inherent dangers of manipulating real-world systems. To close the gap, built upon recently developed 3D high-fidelity simulators, we further showcase our integrated framework to automatically launch cyberattacks, collect data, train machine learning models, and evaluate for practical chemical and manufacturing processes. On our testbed, we validate our proposed intrusion detection model called Minimal Threshold and Window SVM (MinTWin…
Taxonomy
Topics: Network Security and Intrusion Detection · Smart Grid Security and Resilience · Advanced Malware Detection Techniques
Methods: Support Vector Machine
