Kaspersky, profile picture
Uploaded byKaspersky
1,131 views

Detecting ICS Attacks Using Recurrent Neural Networks

The document discusses a methodology to detect industrial control system (ICS) attacks using recurrent neural networks (RNN), focusing on correlations between signals in operational technology (OT). It emphasizes the significance of early anomaly detection to prevent physical damage and financial losses from such attacks, particularly by utilizing machine learning for processing multivariate time series data. The approach integrates seamlessly with existing ICS cybersecurity measures, targeting specific anomalies in OT telemetry without relying on attack nature.

Embed presentation

Downloaded 43 times
Andrey Β Lavrentyev Head Β of Β Technology Β Research Β Department, Future Β Technologies, Kaspersky Β Lab Detecting Β ICS Β Attacks Β Using Β  Β  Recurrent Β Neural Β Networks Β  (RNN)
Plant PLC SCADA INDUSTRIAL Β DATA: β€’ Multi-Β­channel Β ~ Β 104 Β  signals Β  β€’ Real-Β­time Β flow Β  Β ~ Β 100 Β ms β€’ Big Β history Β ~ Β years β€’ Noise, Β jitter, Β gaps, Β faults Β  β€’ Cross-Β­channel Β correlation ICS Β  PLC  – Programmable Β Logic Β Controller SCADA Β -Β­ Supervisory Β Control Β and Β Data Β Acquisition Β  system
Control Β Loop Set Β points Actuators Disturbance Controlled Β  variables Β  Cyber-Β­Physical System Sensors Β  Controller
Plant PLC SCADA Physical attacks Cyber attacks 0101010101010101 1010101010101010 ICS Β under Β Attack Attacks may target: -Β­ information technology (IT) or -Β­ operational technology (OT)
Attacks Β on Β OT Β are Β the Β most Β dangerous -Β­ quick damage to physical equipment -Β­ severe financial losses
How Β to Β detect Β attacks Β on Β OT? A clue: In any real-Β­world plant, all industrial signals (sensor and actuator values, control logic parameters) are correlated and governed by physical laws An attack that modifies one signal causes corresponding changes to other signals. These correlations between signals can be established using ML
MLAD Β -Β­ Machine Β Learning Β for Β Anomaly Β Detection Plant PLC SCADA Physical attacks Cyber attacks Traffic Mirroring OT Security Monitor DPI MLAD
Data-Β­Driven Β Anomaly Β Detection Β  1. Β Training Β under Β normal Β operating Β conditions Recurrent Β Neural Β Network Data: Β Multivariate Β Time Β Series 2. Β Online Β anomaly Β detection Β via Β prediction Β error ΓΌοƒΌ Anomaly Β interpretation Β based Β on Β matching Β errors Β to Β  specific Β signals ΓΌοƒΌ Early Β detection
Understanding Β Anomalies VALUE Change PERIOD Change PHASE Change
LSTM Β Recurrent Β Neural Β Network β€’ 2 Β layers Β (2 Β x Β 64) β€’ Input Β window Β size = Β prediction Β horizon (w) β€’ Regularization  – Dropout β€’ Optimization Β algorithm – RMSProp β€’ Loss Β function – MSE Activation: Β ReLU Activation: Β Linear
Anomaly Β Detection
Tennessee Β Eastman Β Process Β (TEP) Reactor Separator Condenser Stripper Purge Product G/H Inlet gases A, D, E and C
13 TEP
14 TEP
MLAD Β Key Β Features: ΓΌοƒΌ Early anomaly detection in OT telemetry ΓΌοƒΌ Anomaly interpretation ΓΌοƒΌ No dependence on the nature of an attack ΓΌοƒΌ Seamless integration with conventional ICS cybersecurity ΓΌοƒΌ Additional important layer of ICS cybersecurity focused on OT protection
References www.kaspersky.com mlad@kaspersky.com [1] MLAD Presentation https://youtu.be/xXWjfYcPi_Q [2] RNN-Β­based Early Cyber-Β­Attack Detection for the Tennessee Eastman Process. ICML 2017 Time Series Workshop, Sydney, Australia, 2017. https://arxiv.org/abs/1709.02232 [3] Multivariate Industrial Time Series with Cyber-Β­Attack Simulation: Fault Detection Using an LSTM-Β­based Predictive Data Model. NIPS 2016 Time Series Workshop, Barcelona, Spain, 2016. http://arxiv.org/abs/1612.06676 [4] ICS Anomaly Detection Panel https://www.youtube.com/watch?v=jeepkpqdurc&t=306s
Thank Β you!

More Related Content

PDF
Industrial Threats Landscape, H2'2017
byKaspersky
Β 
PDF
Максим Никандров. ΠœΡƒΠ»ΡŒΡ‚ΠΈΡˆΠΈΠ½Π° 10G Ρ†ΠΈΡ„Ρ€ΠΎΠ²ΠΎΠΉ ​подстанции β€” ΠΏΠΎΡ‚Π΅Π½Ρ†ΠΈΠ°Π»ΡŒΠ½Ρ‹Π΅ ​проблС...
byKaspersky
Β 
PDF
Антон Иванов. Kaspersky Open Single Management Platform – XDR ΠΏΠ»Π°Ρ‚Ρ„ΠΎΡ€ΠΌΠ° для Π²...
byKaspersky
Β 
PDF
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
byKaspersky
Β 
PDF
АртСм Π—ΠΈΠ½Π΅Π½ΠΊΠΎ. Vulnerability Assessment Π² ICS Π½Π° основС ΠΈΠ½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΠΈ ΠΈΠ· ΠΏΡƒΠ±Π»ΠΈΡ‡Π½...
byKaspersky
Β 
PDF
From Code to Customer: How to Make Software Products Secure
byKaspersky
Β 
PDF
Kaspersky Lab Transparency Principles
byKaspersky
Β 
PDF
Ransomware in targeted attacks
byKaspersky
Β 
Industrial Threats Landscape, H2'2017
byKaspersky
Β 
Максим Никандров. ΠœΡƒΠ»ΡŒΡ‚ΠΈΡˆΠΈΠ½Π° 10G Ρ†ΠΈΡ„Ρ€ΠΎΠ²ΠΎΠΉ ​подстанции β€” ΠΏΠΎΡ‚Π΅Π½Ρ†ΠΈΠ°Π»ΡŒΠ½Ρ‹Π΅ ​проблС...
byKaspersky
Β 
Антон Иванов. Kaspersky Open Single Management Platform – XDR ΠΏΠ»Π°Ρ‚Ρ„ΠΎΡ€ΠΌΠ° для Π²...
byKaspersky
Β 
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
byKaspersky
Β 
АртСм Π—ΠΈΠ½Π΅Π½ΠΊΠΎ. Vulnerability Assessment Π² ICS Π½Π° основС ΠΈΠ½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΠΈ ΠΈΠ· ΠΏΡƒΠ±Π»ΠΈΡ‡Π½...
byKaspersky
Β 
From Code to Customer: How to Make Software Products Secure
byKaspersky
Β 
Kaspersky Lab Transparency Principles
byKaspersky
Β 
Ransomware in targeted attacks
byKaspersky
Β 

What's hot

PPTX
A look at current cyberattacks in Ukraine
byKaspersky
Β 
PPTX
Purple Teaming ICS Networks
byDragos, Inc.
Β 
PPT
Panda Security2008
bytswong
Β 
PPTX
SANS Report: The State of Security in Control Systems Today
bySurfWatch Labs
Β 
PDF
Moti Sagey CPX keynote _Are All security products created equal
byMoti Sagey ΧžΧ•Χ˜Χ™ שגיא
Β 
PDF
Π”ΠΌΠΈΡ‚Ρ€ΠΈΠΉ ΠŸΡ€Π°Π²ΠΈΠΊΠΎΠ². ΠšΠΎΠ½Ρ†Π΅ΠΏΡ†ΠΈΡ ΠΈΠ½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΠΎΠ½Π½ΠΎΠΉ бСзопасности «роя» кибСрфизичСских...
byKaspersky
Β 
PPTX
Cyber intro 2017_hebrew
byMoti Sagey ΧžΧ•Χ˜Χ™ שגיא
Β 
PPTX
SANS ICS Security Survey Report 2016
byDerek Harp
Β 
PPTX
Mobile Security: 2016 Wrap-Up and 2017 Predictions
bySkycure
Β 
PPTX
Ecosystem
byMoti Sagey ΧžΧ•Χ˜Χ™ שגיא
Β 
PDF
Safety & Security in OT Environments - Cliff Martin, Principal Engineer, BAE ...
byPROFIBUS and PROFINET InternationaI - PI UK
Β 
PPTX
Supply Chain Threats to the US Energy Sector
byKaspersky
Β 
PDF
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
byBGA Cyber Security
Β 
PPTX
How Aetna Mitigated 701 Malware Infections on Mobile Devices
bySkycure
Β 
PDF
Trusted Environment. Blockchain for business: best practices, experience, tips
byKaspersky
Β 
PDF
Chaos engineering for cloud native security
byKennedy
Β 
PDF
Scalar Security Roadshow - Toronto Presentation
byScalar Decisions
Β 
PPTX
Tools for Evaluating Mobile Threat Defense Solutions
bySkycure
Β 
PDF
Π”ΠΆΠ°Π½ Π”Π΅ΠΌΠΈΡ€Π΅Π» (Вурция). Π’Π΅ΠΊΡƒΡ‰ΠΈΠΉ статус рСгулирования ΠΏΡ€ΠΎΠΌΡ‹ΡˆΠ»Π΅Π½Π½ΠΎΠΉ кибСрбСзопас...
byKaspersky
Β 
A look at current cyberattacks in Ukraine
byKaspersky
Β 
Purple Teaming ICS Networks
byDragos, Inc.
Β 
Panda Security2008
bytswong
Β 
SANS Report: The State of Security in Control Systems Today
bySurfWatch Labs
Β 
Moti Sagey CPX keynote _Are All security products created equal
byMoti Sagey ΧžΧ•Χ˜Χ™ שגיא
Β 
Π”ΠΌΠΈΡ‚Ρ€ΠΈΠΉ ΠŸΡ€Π°Π²ΠΈΠΊΠΎΠ². ΠšΠΎΠ½Ρ†Π΅ΠΏΡ†ΠΈΡ ΠΈΠ½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΠΎΠ½Π½ΠΎΠΉ бСзопасности «роя» кибСрфизичСских...
byKaspersky
Β 
Cyber intro 2017_hebrew
byMoti Sagey ΧžΧ•Χ˜Χ™ שגיא
Β 
SANS ICS Security Survey Report 2016
byDerek Harp
Β 
Mobile Security: 2016 Wrap-Up and 2017 Predictions
bySkycure
Β 
Ecosystem
byMoti Sagey ΧžΧ•Χ˜Χ™ שגיא
Β 
Safety & Security in OT Environments - Cliff Martin, Principal Engineer, BAE ...
byPROFIBUS and PROFINET InternationaI - PI UK
Β 
Supply Chain Threats to the US Energy Sector
byKaspersky
Β 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
byBGA Cyber Security
Β 
How Aetna Mitigated 701 Malware Infections on Mobile Devices
bySkycure
Β 
Trusted Environment. Blockchain for business: best practices, experience, tips
byKaspersky
Β 
Chaos engineering for cloud native security
byKennedy
Β 
Scalar Security Roadshow - Toronto Presentation
byScalar Decisions
Β 
Tools for Evaluating Mobile Threat Defense Solutions
bySkycure
Β 
Π”ΠΆΠ°Π½ Π”Π΅ΠΌΠΈΡ€Π΅Π» (Вурция). Π’Π΅ΠΊΡƒΡ‰ΠΈΠΉ статус рСгулирования ΠΏΡ€ΠΎΠΌΡ‹ΡˆΠ»Π΅Π½Π½ΠΎΠΉ кибСрбСзопас...
byKaspersky
Β 

Similar to Detecting ICS Attacks Using Recurrent Neural Networks

PPTX
TOWARDS DETECTION CYBER ATTACKS PPT 1.pptx
byNagarajusabhavath
Β 
PPTX
A review of machine learning based anomaly detection
byMohamed Elfadly
Β 
PPTX
AI-Powered-Anomaly-Detection-in-Time-Series-Data.pptx
byd2023nagdevaryan
Β 
PPTX
AI-Powered-Anomaly-Detection-in-Time-Series-Data.pptx
byd2023nagdevaryan
Β 
PPTX
Seminar in NS presentaion first draft.pptx
byNaolTeshome2
Β 
PDF
Web server load prediction and anomaly detection from hypertext transfer prot...
byIJECEIAES
Β 
PDF
Network intrusion detection in big datasets using Spark environment and incre...
byIAESIJAI
Β 
PDF
Network intrusion detection in big datasets using Spark environment and incre...
byIAESIJAI
Β 
PPTX
Sequence to Sequence Pattern Learning Algorithm for Real-time Anomaly Detecti...
byGobinath Loganathan
Β 
PDF
IoT Guardian: A Novel Feature Discovery and Cooperative Game Theory Empowered...
byIJCNCJournal
Β 
PDF
Enhancing Time Series Anomaly Detection: A Hybrid Model Fusion Approach
byIJCI JOURNAL
Β 
PDF
An intrusion detection system for packet and flow based networks using deep n...
byIJECEIAES
Β 
PDF
High Performance NMF based Intrusion Detection System for Big Data IoT Traffic
byIJCNCJournal
Β 
PDF
High Performance NMF Based Intrusion Detection System for Big Data IOT Traffic
byIJCNCJournal
Β 
PDF
Detecting network attacks model based on a convolutional neural network
byIJECEIAES
Β 
PPTX
A review of machine learning based anomaly detection
byMohamed Elfadly
Β 
PDF
Deep Comparison Analysis : Statistical Methods and Deep Learning for Network ...
byAmit Kumar Jaiswal
Β 
PDF
IoT Guardian: A Novel Feature Discovery and Cooperative Game Theory Empowered...
byIJCNCJournal
Β 
PDF
Anomaly Detection - Discover unknown Frauds and Anomalies using Machine Learning
byKNIMESlides
Β 
PDF
BÀßler2022_Article_UnsupervisedAnomalyDetectionIn.pdf
byTadiyosHailemichael
Β 
TOWARDS DETECTION CYBER ATTACKS PPT 1.pptx
byNagarajusabhavath
Β 
A review of machine learning based anomaly detection
byMohamed Elfadly
Β 
AI-Powered-Anomaly-Detection-in-Time-Series-Data.pptx
byd2023nagdevaryan
Β 
AI-Powered-Anomaly-Detection-in-Time-Series-Data.pptx
byd2023nagdevaryan
Β 
Seminar in NS presentaion first draft.pptx
byNaolTeshome2
Β 
Web server load prediction and anomaly detection from hypertext transfer prot...
byIJECEIAES
Β 
Network intrusion detection in big datasets using Spark environment and incre...
byIAESIJAI
Β 
Network intrusion detection in big datasets using Spark environment and incre...
byIAESIJAI
Β 
Sequence to Sequence Pattern Learning Algorithm for Real-time Anomaly Detecti...
byGobinath Loganathan
Β 
IoT Guardian: A Novel Feature Discovery and Cooperative Game Theory Empowered...
byIJCNCJournal
Β 
Enhancing Time Series Anomaly Detection: A Hybrid Model Fusion Approach
byIJCI JOURNAL
Β 
An intrusion detection system for packet and flow based networks using deep n...
byIJECEIAES
Β 
High Performance NMF based Intrusion Detection System for Big Data IoT Traffic
byIJCNCJournal
Β 
High Performance NMF Based Intrusion Detection System for Big Data IOT Traffic
byIJCNCJournal
Β 
Detecting network attacks model based on a convolutional neural network
byIJECEIAES
Β 
A review of machine learning based anomaly detection
byMohamed Elfadly
Β 
Deep Comparison Analysis : Statistical Methods and Deep Learning for Network ...
byAmit Kumar Jaiswal
Β 
IoT Guardian: A Novel Feature Discovery and Cooperative Game Theory Empowered...
byIJCNCJournal
Β 
Anomaly Detection - Discover unknown Frauds and Anomalies using Machine Learning
byKNIMESlides
Β 
BÀßler2022_Article_UnsupervisedAnomalyDetectionIn.pdf
byTadiyosHailemichael
Β 

More from Kaspersky

PDF
АлСксСй Π“ΡƒΡ€Π΅Π²ΠΈΡ‡. ΠšΠΈΠ±Π΅Ρ€Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡ‚ΡŒ систСм управлСния соврСмСнных ΠΎΠ±ΡŠΠ΅ΠΊΡ‚ΠΎΠ² элС...
byKaspersky
Β 
PDF
Василий Π¨Π°ΡƒΡ€ΠΎ. Π Π°Π·Π²ΠΈΡ‚ΠΈΠ΅ кибСрбСзопасности АБУВП ​в условиях Ρ†ΠΈΡ„Ρ€ΠΎΠ²ΠΈΠ·Π°Ρ†ΠΈΠΈ ΠΏΡ€Π΅Π΄...
byKaspersky
Β 
PDF
ΠšΠΈΡ€ΠΈΠ»Π» Набойщиков. БистСмный ΠΏΠΎΠ΄Ρ…ΠΎΠ΄ ΠΊ Π·Π°Ρ‰ΠΈΡ‚Π΅ КИИ
byKaspersky
Β 
PDF
АндрСй Π‘ΡƒΠ²ΠΎΡ€ΠΎΠ², Максим ΠšΠ°Ρ€ΠΏΡƒΡ…ΠΈΠ½. БСнсация ΠΏΠΎΠ΄ микроскопом. ВивисСкция ΠΏΠ΅Ρ€Π²ΠΎΠ³ΠΎ...
byKaspersky
Β 
PPTX
The Log4Shell Vulnerability – explained: how to stay secure
byKaspersky
Β 
PDF
АлСксандр ΠšΠ°Ρ€ΠΏΠ΅Π½ΠΊΠΎ. Π£Ρ€ΠΎΠ²Π½ΠΈ зрСлости АБУ ВП ΠΊΠ°ΠΊ ΠΎΠ±ΡŠΠ΅ΠΊΡ‚ΠΎΠ² Π·Π°Ρ‰ΠΈΡ‚Ρ‹ ΠΈ ΠΏΠΎΠ΄Ρ…ΠΎΠ΄Ρ‹ ΠΊ ΡƒΠ½...
byKaspersky
Β 
PDF
АлСксандр Π›ΠΈΡ„Π°Π½ΠΎΠ². ΠŸΠ»Π°Ρ‚Ρ„ΠΎΡ€ΠΌΠ° Π³Ρ€Π°Π½ΠΈΡ‡Π½Ρ‹Ρ… вычислСний Siemens Industrial Edge: ΠΏΠ΅...
byKaspersky
Β 
PDF
The Log4Shell Vulnerability – explained: how to stay secure
byKaspersky
Β 
PDF
Максим Π‘ΠΎΡ€ΠΎΠ΄ΡŒΠΊΠΎ. Π‘ΠΏΡƒΡ„ΠΈΠ½Π³ GNSS β€” новая ΡƒΠ³Ρ€ΠΎΠ·Π° для критичСской инфраструктуры
byKaspersky
Β 
PDF
ΠšΠΎΠ½ΡΡ‚Π°Π½Ρ‚ΠΈΠ½ Π ΠΎΠ΄ΠΈΠ½. ΠžΠ±Π΅ΡΠΏΠ΅Ρ‡Π΅Π½ΠΈΠ΅ Π΄ΠΎΠ²Π΅Ρ€Π΅Π½Π½ΠΎΠΉ срСды ΡƒΠ΄Π°Π»Π΅Π½Π½ΠΎΠΉ Ρ€Π°Π±ΠΎΡ‚Ρ‹ Π² Ρ€Π°ΠΌΠΊΠ°Ρ… ​про...
byKaspersky
Β 
PDF
ΠœΠ°Ρ€ΠΈΡ Π“Π°Ρ€Π½Π°Π΅Π²Π°. Π¦Π΅Π»Π΅Π²Ρ‹Π΅ Π°Ρ‚Π°ΠΊΠΈ Π½Π° ΠΏΡ€ΠΎΠΌΡ‹ΡˆΠ»Π΅Π½Π½Ρ‹Π΅ ΠΊΠΎΠΌΠΏΠ°Π½ΠΈΠΈ Π² 2020/2021
byKaspersky
Β 
PDF
ОлСг Π¨Π°ΠΊΠΈΡ€ΠΎΠ². Дипломатия ΠΈ Π·Π°Ρ‰ΠΈΡ‚Π° критичСской инфраструктуры ΠΎΡ‚ ΠΊΠΈΠ±Π΅Ρ€ΡƒΠ³Ρ€ΠΎΠ·
byKaspersky
Β 
PDF
АлСксандр Π’ΠΎΠ»ΠΎΡˆΠΈΠ½. ΠšΠΈΠ±Π΅Ρ€ΠΏΠΎΠ»ΠΈΠ³ΠΎΠ½ "Цифровая энСргСтика". ИсслСдования ΠΈ Ρ€Π°Π·Ρ€Π°Π±ΠΎ...
byKaspersky
Β 
PDF
Π˜Π³ΠΎΡ€ΡŒ Π Ρ‹ΠΆΠΎΠ². ΠŸΡ€ΠΎΠ΅ΠΊΡ‚Ρ‹ ΠΏΠΎ Π·Π°Ρ‰ΠΈΡ‚Π΅ АБУ ВП Π²Ρ‡Π΅Ρ€Π°, сСгодня, Π·Π°Π²Ρ‚Ρ€Π°
byKaspersky
Β 
PDF
ΠœΠ°Ρ€ΠΈΠ½Π° Π‘ΠΎΡ€ΠΎΠΊΠΈΠ½Π°. ΠšΡ€ΠΈΠΏΡ‚ΠΎΠ³Ρ€Π°Ρ„ΠΈΡ для ΠΏΡ€ΠΎΠΌΡ‹ΡˆΠ»Π΅Π½Π½Ρ‹Ρ… систСм
byKaspersky
Β 
PDF
Π’Π΅Π½ΠΈΠ°ΠΌΠΈΠ½ Π›Π΅Π²Ρ†ΠΎΠ². CтратСгия трансформации Ρ€Π΅ΡˆΠ΅Π½ΠΈΠΉ Π›Π°Π±ΠΎΡ€Π°Ρ‚ΠΎΡ€ΠΈΠΈ ΠšΠ°ΡΠΏΠ΅Ρ€ΡΠΊΠΎΠ³ΠΎ для ...
byKaspersky
Β 
PDF
Π“Π»Π΅Π± Π”ΡŒΡΠΊΠΎΠ½ΠΎΠ². ИИ-Π²ΠΈΠ΄Π΅ΠΎΠ°Π½Π°Π»ΠΈΡ‚ΠΈΠΊΠ° ΠΊΠ°ΠΊ инструмСнт ΠΊΠΎΡ€ΠΏΠΎΡ€Π°Ρ‚ΠΈΠ²Π½ΠΎΠ³ΠΎ риск-ΠΌΠ΅Π½Π΅Π΄ΠΆΠΌΠ΅Π½...
byKaspersky
Β 
PDF
Π•Π²Π³Π΅Π½ΠΈΠΉ Π”Ρ€ΡƒΠΆΠΈΠ½ΠΈΠ½. Как Π½Π΅ ΡΠ»ΠΎΠΌΠ°Ρ‚ΡŒ: Ρ‡Ρ‚ΠΎ Π²Π°ΠΆΠ½ΠΎ ΡƒΡ‡Π΅ΡΡ‚ΡŒ ΠΏΠ΅Ρ€Π΅Π΄, Π² Ρ…ΠΎΠ΄Π΅ ΠΈ послС Ρ€Π΅Π°Π»...
byKaspersky
Β 
PDF
Π‘Π΅Ρ€Π³Π΅ΠΉ Π Π°Π΄ΠΎΡˆΠΊΠ΅Π²ΠΈΡ‡. ΠšΠΈΠ±Π΅Ρ€Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡ‚ΡŒ Π² судоходной Π΄Π΅ΡΡ‚Π΅Π»ΡŒΠ½ΠΎΡΡ‚ΠΈ ΠΎΡ€Π³Π°Π½ΠΈΠ·Π°Ρ†ΠΈΠΉ. О...
byKaspersky
Β 
PDF
АлСксСй Иванов. РСализация ΠΏΡ€ΠΎΠ΅ΠΊΡ‚ΠΎΠ² АБУ ВП элСктричСских подстанций ​в соотвС...
byKaspersky
Β 
АлСксСй Π“ΡƒΡ€Π΅Π²ΠΈΡ‡. ΠšΠΈΠ±Π΅Ρ€Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡ‚ΡŒ систСм управлСния соврСмСнных ΠΎΠ±ΡŠΠ΅ΠΊΡ‚ΠΎΠ² элС...
byKaspersky
Β 
Василий Π¨Π°ΡƒΡ€ΠΎ. Π Π°Π·Π²ΠΈΡ‚ΠΈΠ΅ кибСрбСзопасности АБУВП ​в условиях Ρ†ΠΈΡ„Ρ€ΠΎΠ²ΠΈΠ·Π°Ρ†ΠΈΠΈ ΠΏΡ€Π΅Π΄...
byKaspersky
Β 
ΠšΠΈΡ€ΠΈΠ»Π» Набойщиков. БистСмный ΠΏΠΎΠ΄Ρ…ΠΎΠ΄ ΠΊ Π·Π°Ρ‰ΠΈΡ‚Π΅ КИИ
byKaspersky
Β 
АндрСй Π‘ΡƒΠ²ΠΎΡ€ΠΎΠ², Максим ΠšΠ°Ρ€ΠΏΡƒΡ…ΠΈΠ½. БСнсация ΠΏΠΎΠ΄ микроскопом. ВивисСкция ΠΏΠ΅Ρ€Π²ΠΎΠ³ΠΎ...
byKaspersky
Β 
The Log4Shell Vulnerability – explained: how to stay secure
byKaspersky
Β 
АлСксандр ΠšΠ°Ρ€ΠΏΠ΅Π½ΠΊΠΎ. Π£Ρ€ΠΎΠ²Π½ΠΈ зрСлости АБУ ВП ΠΊΠ°ΠΊ ΠΎΠ±ΡŠΠ΅ΠΊΡ‚ΠΎΠ² Π·Π°Ρ‰ΠΈΡ‚Ρ‹ ΠΈ ΠΏΠΎΠ΄Ρ…ΠΎΠ΄Ρ‹ ΠΊ ΡƒΠ½...
byKaspersky
Β 
АлСксандр Π›ΠΈΡ„Π°Π½ΠΎΠ². ΠŸΠ»Π°Ρ‚Ρ„ΠΎΡ€ΠΌΠ° Π³Ρ€Π°Π½ΠΈΡ‡Π½Ρ‹Ρ… вычислСний Siemens Industrial Edge: ΠΏΠ΅...
byKaspersky
Β 
The Log4Shell Vulnerability – explained: how to stay secure
byKaspersky
Β 
Максим Π‘ΠΎΡ€ΠΎΠ΄ΡŒΠΊΠΎ. Π‘ΠΏΡƒΡ„ΠΈΠ½Π³ GNSS β€” новая ΡƒΠ³Ρ€ΠΎΠ·Π° для критичСской инфраструктуры
byKaspersky
Β 
ΠšΠΎΠ½ΡΡ‚Π°Π½Ρ‚ΠΈΠ½ Π ΠΎΠ΄ΠΈΠ½. ΠžΠ±Π΅ΡΠΏΠ΅Ρ‡Π΅Π½ΠΈΠ΅ Π΄ΠΎΠ²Π΅Ρ€Π΅Π½Π½ΠΎΠΉ срСды ΡƒΠ΄Π°Π»Π΅Π½Π½ΠΎΠΉ Ρ€Π°Π±ΠΎΡ‚Ρ‹ Π² Ρ€Π°ΠΌΠΊΠ°Ρ… ​про...
byKaspersky
Β 
ΠœΠ°Ρ€ΠΈΡ Π“Π°Ρ€Π½Π°Π΅Π²Π°. Π¦Π΅Π»Π΅Π²Ρ‹Π΅ Π°Ρ‚Π°ΠΊΠΈ Π½Π° ΠΏΡ€ΠΎΠΌΡ‹ΡˆΠ»Π΅Π½Π½Ρ‹Π΅ ΠΊΠΎΠΌΠΏΠ°Π½ΠΈΠΈ Π² 2020/2021
byKaspersky
Β 
ОлСг Π¨Π°ΠΊΠΈΡ€ΠΎΠ². Дипломатия ΠΈ Π·Π°Ρ‰ΠΈΡ‚Π° критичСской инфраструктуры ΠΎΡ‚ ΠΊΠΈΠ±Π΅Ρ€ΡƒΠ³Ρ€ΠΎΠ·
byKaspersky
Β 
АлСксандр Π’ΠΎΠ»ΠΎΡˆΠΈΠ½. ΠšΠΈΠ±Π΅Ρ€ΠΏΠΎΠ»ΠΈΠ³ΠΎΠ½ "Цифровая энСргСтика". ИсслСдования ΠΈ Ρ€Π°Π·Ρ€Π°Π±ΠΎ...
byKaspersky
Β 
Π˜Π³ΠΎΡ€ΡŒ Π Ρ‹ΠΆΠΎΠ². ΠŸΡ€ΠΎΠ΅ΠΊΡ‚Ρ‹ ΠΏΠΎ Π·Π°Ρ‰ΠΈΡ‚Π΅ АБУ ВП Π²Ρ‡Π΅Ρ€Π°, сСгодня, Π·Π°Π²Ρ‚Ρ€Π°
byKaspersky
Β 
ΠœΠ°Ρ€ΠΈΠ½Π° Π‘ΠΎΡ€ΠΎΠΊΠΈΠ½Π°. ΠšΡ€ΠΈΠΏΡ‚ΠΎΠ³Ρ€Π°Ρ„ΠΈΡ для ΠΏΡ€ΠΎΠΌΡ‹ΡˆΠ»Π΅Π½Π½Ρ‹Ρ… систСм
byKaspersky
Β 
Π’Π΅Π½ΠΈΠ°ΠΌΠΈΠ½ Π›Π΅Π²Ρ†ΠΎΠ². CтратСгия трансформации Ρ€Π΅ΡˆΠ΅Π½ΠΈΠΉ Π›Π°Π±ΠΎΡ€Π°Ρ‚ΠΎΡ€ΠΈΠΈ ΠšΠ°ΡΠΏΠ΅Ρ€ΡΠΊΠΎΠ³ΠΎ для ...
byKaspersky
Β 
Π“Π»Π΅Π± Π”ΡŒΡΠΊΠΎΠ½ΠΎΠ². ИИ-Π²ΠΈΠ΄Π΅ΠΎΠ°Π½Π°Π»ΠΈΡ‚ΠΈΠΊΠ° ΠΊΠ°ΠΊ инструмСнт ΠΊΠΎΡ€ΠΏΠΎΡ€Π°Ρ‚ΠΈΠ²Π½ΠΎΠ³ΠΎ риск-ΠΌΠ΅Π½Π΅Π΄ΠΆΠΌΠ΅Π½...
byKaspersky
Β 
Π•Π²Π³Π΅Π½ΠΈΠΉ Π”Ρ€ΡƒΠΆΠΈΠ½ΠΈΠ½. Как Π½Π΅ ΡΠ»ΠΎΠΌΠ°Ρ‚ΡŒ: Ρ‡Ρ‚ΠΎ Π²Π°ΠΆΠ½ΠΎ ΡƒΡ‡Π΅ΡΡ‚ΡŒ ΠΏΠ΅Ρ€Π΅Π΄, Π² Ρ…ΠΎΠ΄Π΅ ΠΈ послС Ρ€Π΅Π°Π»...
byKaspersky
Β 
Π‘Π΅Ρ€Π³Π΅ΠΉ Π Π°Π΄ΠΎΡˆΠΊΠ΅Π²ΠΈΡ‡. ΠšΠΈΠ±Π΅Ρ€Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡ‚ΡŒ Π² судоходной Π΄Π΅ΡΡ‚Π΅Π»ΡŒΠ½ΠΎΡΡ‚ΠΈ ΠΎΡ€Π³Π°Π½ΠΈΠ·Π°Ρ†ΠΈΠΉ. О...
byKaspersky
Β 
АлСксСй Иванов. РСализация ΠΏΡ€ΠΎΠ΅ΠΊΡ‚ΠΎΠ² АБУ ВП элСктричСских подстанций ​в соотвС...
byKaspersky
Β 

Recently uploaded

PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
Β 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
Β 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
Β 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
Β 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
Β 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
Β 
PDF
December Patch Tuesday
byIvanti
Β 
PDF
API-First Architecture in Financial Systems
bycyy111112
Β 
PDF
The year in review - MarvelClient in 2025
bypanagenda
Β 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
Β 
PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
Β 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
Β 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
Β 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
Β 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
Β 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
Β 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
Β 
PDF
Unser JahresrΓΌckblick – MarvelClient in 2025
bypanagenda
Β 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
Β 
PDF
Greetings All Students Update 3 by Mia Corp
byΒ©LDMMIA, Β©Reiki Yoga
Β 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
Β 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
Β 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
Β 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
Β 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
Β 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
Β 
December Patch Tuesday
byIvanti
Β 
API-First Architecture in Financial Systems
bycyy111112
Β 
The year in review - MarvelClient in 2025
bypanagenda
Β 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
Β 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
Β 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
Β 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
Β 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
Β 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
Β 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
Β 
cybercrime in Information security .pptx
byismaeelsahib032
Β 
Unser JahresrΓΌckblick – MarvelClient in 2025
bypanagenda
Β 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
Β 
Greetings All Students Update 3 by Mia Corp
byΒ©LDMMIA, Β©Reiki Yoga
Β 

Detecting ICS Attacks Using Recurrent Neural Networks

  • 1.
    Andrey Β Lavrentyev Head Β ofΒ Technology Β Research Β Department, Future Β Technologies, Kaspersky Β Lab Detecting Β ICS Β Attacks Β Using Β  Β  Recurrent Β Neural Β Networks Β  (RNN)
  • 2.
    Plant PLC SCADA INDUSTRIAL Β DATA: β€’ Multi-Β­channelΒ ~ Β 104 Β  signals Β  β€’ Real-Β­time Β flow Β  Β ~ Β 100 Β ms β€’ Big Β history Β ~ Β years β€’ Noise, Β jitter, Β gaps, Β faults Β  β€’ Cross-Β­channel Β correlation ICS Β  PLC  – Programmable Β Logic Β Controller SCADA Β -Β­ Supervisory Β Control Β and Β Data Β Acquisition Β  system
  • 3.
    Control Β Loop Set Β points Actuators Disturbance ControlledΒ  variables Β  Cyber-Β­Physical System Sensors Β  Controller
  • 4.
    Plant PLC SCADA Physical attacks Cyber attacks 0101010101010101 1010101010101010 ICSΒ under Β Attack Attacks may target: -Β­ information technology (IT) or -Β­ operational technology (OT)
  • 5.
    Attacks Β on Β OTΒ are Β the Β most Β dangerous -Β­ quick damage to physical equipment -Β­ severe financial losses
  • 6.
    How Β to Β detectΒ attacks Β on Β OT? A clue: In any real-Β­world plant, all industrial signals (sensor and actuator values, control logic parameters) are correlated and governed by physical laws An attack that modifies one signal causes corresponding changes to other signals. These correlations between signals can be established using ML
  • 7.
    MLAD Β -Β­ MachineΒ Learning Β for Β Anomaly Β Detection Plant PLC SCADA Physical attacks Cyber attacks Traffic Mirroring OT Security Monitor DPI MLAD
  • 8.
    Data-Β­Driven Β Anomaly Β DetectionΒ  1. Β Training Β under Β normal Β operating Β conditions Recurrent Β Neural Β Network Data: Β Multivariate Β Time Β Series 2. Β Online Β anomaly Β detection Β via Β prediction Β error ΓΌοƒΌ Anomaly Β interpretation Β based Β on Β matching Β errors Β to Β  specific Β signals ΓΌοƒΌ Early Β detection
  • 9.
  • 10.
    LSTM Β Recurrent Β NeuralΒ Network β€’ 2 Β layers Β (2 Β x Β 64) β€’ Input Β window Β size = Β prediction Β horizon (w) β€’ Regularization  – Dropout β€’ Optimization Β algorithm – RMSProp β€’ Loss Β function – MSE Activation: Β ReLU Activation: Β Linear
  • 11.
  • 12.
    Tennessee Β Eastman Β ProcessΒ (TEP) Reactor Separator Condenser Stripper Purge Product G/H Inlet gases A, D, E and C
  • 13.
  • 14.
  • 15.
    MLAD Β Key Β Features: ΓΌοƒΌEarly anomaly detection in OT telemetry ΓΌοƒΌ Anomaly interpretation ΓΌοƒΌ No dependence on the nature of an attack ΓΌοƒΌ Seamless integration with conventional ICS cybersecurity ΓΌοƒΌ Additional important layer of ICS cybersecurity focused on OT protection
  • 16.
    References www.kaspersky.com mlad@kaspersky.com [1] MLAD Presentation https://youtu.be/xXWjfYcPi_Q [2]RNN-Β­based Early Cyber-Β­Attack Detection for the Tennessee Eastman Process. ICML 2017 Time Series Workshop, Sydney, Australia, 2017. https://arxiv.org/abs/1709.02232 [3] Multivariate Industrial Time Series with Cyber-Β­Attack Simulation: Fault Detection Using an LSTM-Β­based Predictive Data Model. NIPS 2016 Time Series Workshop, Barcelona, Spain, 2016. http://arxiv.org/abs/1612.06676 [4] ICS Anomaly Detection Panel https://www.youtube.com/watch?v=jeepkpqdurc&t=306s
  • 17.