Detecting Anomalies in Industrial Control Systems with LSTM Neural Networks and UEBA
Published in 2023 JNIC Cybersecurity Conference (JNIC), 2023
Recommended citation: C. Piñón-Blanco, F. Otero-Vázquez, I. Ortega-Fernandez and M. Sestelo, "Detecting Anomalies in Industrial Control Systems with LSTM Neural Networks and UEBA," 2023 JNIC Cybersecurity Conference (JNIC), Vigo, Spain, 2023, pp. 1-8, doi: 10.23919/JNIC58574.2023.10205609. https://ieeexplore.ieee.org/abstract/document/10205609/
The increasing adoption of the Industrial Internet of Things and integration of operational technology with information technology networks have made industrial control systems (ICS) more vulnerable to cyber-attacks, which can cause severe consequences such as disruption of critical infrastructure, loss of data, and significant financial losses. To enhance the security and resilience of these systems, anomaly detection in ICS has gained significant attention in recent years. This paper introduces ongoing research focused on using Long Short-Term Memory (LSTM) neural networks for forecasting and subsequent anomaly detection over device logs. This approach involves User and Entity Behaviour Analytics (UEBA) to analyze and define entities of interest from a real industrial plant and extract a baseline behaviour model through features that are fed into the LSTM model for predicting future events and detecting anomalies. The proposed solution has the potential to provide real-time detection of cyber and physical threats, thereby enhancing the security and resilience of industrial control systems.