Not enough data to create a plot.
Try a different view from the menu above.
USB drives are used by ransomware attackers to distribute malware across the air gap that all industrial distribution, manufacturing, and utility firms rely on as their first line of defense against cyber attacks. According to Honeywell's Industrial Cybersecurity USB Threat Report 2021, 79 percent of USB assaults have the potential to damage operational technologies (OT) that power industrial processing plants. The incidence of malware-based USB attacks is one of the most rapidly developing and difficult-to-detect threat vectors that process industries such as public utilities confront today, according to the research. As the Colonial Pipeline and JBS Foods demonstrate, this type of attack vector is particularly effective. Utility companies are also being targeted by ransomware criminals, as the thwarted water treatment plant attacks in Florida and Northern California illustrate.
Today's Cyber-Physical Systems (CPSs) are large, complex, and affixed with networked sensors and actuators that are targets for cyber-attacks. Conventional detection techniques are unable to deal with the increasingly dynamic and complex nature of the CPSs. On the other hand, the networked sensors and actuators generate large amounts of data streams that can be continuously monitored for intrusion events. Unsupervised machine learning techniques can be used to model the system behaviour and classify deviant behaviours as possible attacks. In this work, we proposed a novel Generative Adversarial Networks-based Anomaly Detection (GAN-AD) method for such complex networked CPSs. We used LSTM-RNN in our GAN to capture the distribution of the multivariate time series of the sensors and actuators under normal working conditions of a CPS. Instead of treating each sensor's and actuator's time series independently, we model the time series of multiple sensors and actuators in the CPS concurrently to take into account of potential latent interactions between them. To exploit both the generator and the discriminator of our GAN, we deployed the GAN-trained discriminator together with the residuals between generator-reconstructed data and the actual samples to detect possible anomalies in the complex CPS. We used our GAN-AD to distinguish abnormal attacked situations from normal working conditions for a complex six-stage Secure Water Treatment (SWaT) system. Experimental results showed that the proposed strategy is effective in identifying anomalies caused by various attacks with high detection rate and low false positive rate as compared to existing methods.