Alert correlation for detecting cyber-manufacturing attacks and intrusions

Mingtao Wu; Young B. Moon

doi:10.1115/1.4044208

Alert correlation for detecting cyber-manufacturing attacks and intrusions

Mingtao Wu, Young B. Moon

Department of Mechanical & Aerospace Engineering

Research output: Contribution to journal › Article › peer-review

9 Scopus citations

Abstract

Cyber-manufacturing system (CMS) is a vision of smart factories where manufacturing processes are fully integrated with computational components. In CMS, an effective intrusion detection system (IDS) is essential in protecting manufacturing operations from cyber-physical attacks. Current IDS analyses data from cyber and physical domains but produces reports separately for cyber domain and physical domain. To utilize connections between cyber and physical alerts, this paper presents a cyber-physical alert correlation method. To evaluate the method, four case studies have been developed and carried out on a CMS testbed. The experimental results demonstrate that the method can effectively reduce the number of false alerts, improve the detection accuracy, and identify root causes.

Original language	English (US)
Article number	011004-1
Journal	Journal of Computing and Information Science in Engineering
Volume	20
Issue number	1
DOIs	https://doi.org/10.1115/1.4044208
State	Published - Feb 2020

Keywords

Cyber manufacturing
Cyber-physical security for factories
Data-driven engineering

ASJC Scopus subject areas

Software
Computer Science Applications
Computer Graphics and Computer-Aided Design
Industrial and Manufacturing Engineering

Access to Document

10.1115/1.4044208

Cite this

@article{a71a1f2e673e46cca154d03845807d97,

title = "Alert correlation for detecting cyber-manufacturing attacks and intrusions",

abstract = "Cyber-manufacturing system (CMS) is a vision of smart factories where manufacturing processes are fully integrated with computational components. In CMS, an effective intrusion detection system (IDS) is essential in protecting manufacturing operations from cyber-physical attacks. Current IDS analyses data from cyber and physical domains but produces reports separately for cyber domain and physical domain. To utilize connections between cyber and physical alerts, this paper presents a cyber-physical alert correlation method. To evaluate the method, four case studies have been developed and carried out on a CMS testbed. The experimental results demonstrate that the method can effectively reduce the number of false alerts, improve the detection accuracy, and identify root causes.",

keywords = "Cyber manufacturing, Cyber-physical security for factories, Data-driven engineering",

author = "Mingtao Wu and Moon, {Young B.}",

note = "Publisher Copyright: Copyright {\textcopyright} 2019 by ASME.",

year = "2020",

month = feb,

doi = "10.1115/1.4044208",

language = "English (US)",

volume = "20",

journal = "Journal of Computing and Information Science in Engineering",

issn = "1530-9827",

publisher = "The American Society of Mechanical Engineers(ASME)",

number = "1",

}

TY - JOUR

T1 - Alert correlation for detecting cyber-manufacturing attacks and intrusions

AU - Wu, Mingtao

AU - Moon, Young B.

PY - 2020/2

Y1 - 2020/2

N2 - Cyber-manufacturing system (CMS) is a vision of smart factories where manufacturing processes are fully integrated with computational components. In CMS, an effective intrusion detection system (IDS) is essential in protecting manufacturing operations from cyber-physical attacks. Current IDS analyses data from cyber and physical domains but produces reports separately for cyber domain and physical domain. To utilize connections between cyber and physical alerts, this paper presents a cyber-physical alert correlation method. To evaluate the method, four case studies have been developed and carried out on a CMS testbed. The experimental results demonstrate that the method can effectively reduce the number of false alerts, improve the detection accuracy, and identify root causes.

AB - Cyber-manufacturing system (CMS) is a vision of smart factories where manufacturing processes are fully integrated with computational components. In CMS, an effective intrusion detection system (IDS) is essential in protecting manufacturing operations from cyber-physical attacks. Current IDS analyses data from cyber and physical domains but produces reports separately for cyber domain and physical domain. To utilize connections between cyber and physical alerts, this paper presents a cyber-physical alert correlation method. To evaluate the method, four case studies have been developed and carried out on a CMS testbed. The experimental results demonstrate that the method can effectively reduce the number of false alerts, improve the detection accuracy, and identify root causes.

KW - Cyber manufacturing

KW - Cyber-physical security for factories

KW - Data-driven engineering

UR - http://www.scopus.com/inward/record.url?scp=85103433156&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85103433156&partnerID=8YFLogxK

U2 - 10.1115/1.4044208

DO - 10.1115/1.4044208

M3 - Article

AN - SCOPUS:85103433156

SN - 1530-9827

VL - 20

JO - Journal of Computing and Information Science in Engineering

JF - Journal of Computing and Information Science in Engineering

IS - 1

M1 - 011004-1

ER -

Alert correlation for detecting cyber-manufacturing attacks and intrusions

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this