Alert correlation for detecting cyber-manufacturing attacks and intrusions

Mingtao Wu, Young B. Moon

Research output: Contribution to journal › Article › peer-review

Abstract

A cyber-manufacturing system (CMS) is a vision of smart factories where manufacturing processes are fully integrated with computational components. In CMS, an effective intrusion detection system (IDS) is essential in protecting manufacturing operations from cyber-physical attacks. Current IDSs analyze data from the cyber and physical domains but produce reports separately for the cyber domain and the physical domain. To utilize connections between cyber and physical alerts, this paper presents a cyber-physical alert correlation method. To evaluate the method, four case studies have been developed and carried out on a CMS testbed. The experimental results demonstrate that the method can effectively reduce the number of false alerts, improve the detection accuracy, and identify root causes.

Original language: English (US)
Article number: 011004-1
Journal: Journal of Computing and Information Science in Engineering
Volume: 20
Issue number: 1
DOIs
State: Published - Feb 2020

Keywords

  • Cyber manufacturing
  • Cyber-physical security for factories
  • Data-driven engineering

ASJC Scopus subject areas

  • Software
  • Computer Science Applications
  • Computer Graphics and Computer-Aided Design
  • Industrial and Manufacturing Engineering
