| dc.contributor.advisor | Retsef Levi | en_US |
| dc.contributor.author | Liu, Jessamyn. | en_US |
| dc.contributor.other | Massachusetts Institute of Technology. Operations Research Center. | en_US |
| dc.date.accessioned | 2021-01-05T23:15:45Z | |
| dc.date.available | 2021-01-05T23:15:45Z | |
| dc.date.copyright | 2020 | en_US |
| dc.date.issued | 2020 | en_US |
| dc.identifier.uri | https://hdl.handle.net/1721.1/129055 | |
| dc.description | Thesis: S.M., Massachusetts Institute of Technology, Sloan School of Management, Operations Research Center, September, 2020 | en_US |
| dc.description | Cataloged from PDF version of thesis. | en_US |
| dc.description | Includes bibliographical references (pages 119-123). | en_US |
| dc.description.abstract | Industrial control systems (ICS) are pervasive in modern society and increasingly under threat of cyber attack. Due to the critical nature of these systems, which govern everything from power and wastewater plants to refineries and manufacturing, a successful ICS cyber attack can result in serious physical consequences. This thesis evaluates multiple anomaly detection methods to quickly and accurately detect ICS cyber attacks. Two fundamental challenges in developing ICS cyber attack detection methods are the lack of historical attack data and the ability of attackers to make their malicious activity appear normal. The goal of this thesis is to develop methods which generalize well to anomalies that are not included in the training data and to increase the sensitivity of detection methods without increasing the false alarm rate. The thesis presents and analyzes a baseline detection method, the multivariate Shewhart control chart, and four extensions to the Shewhart chart which use machine learning or optimization methods to improve detection performance. Two of these methods, stationary subspace analysis and maximized ratio divergence analysis, are based on dimensionality reduction techniques, and an additional model-based method is implemented using residuals from LASSO regression models. The thesis also develops an ensemble method which uses an optimization formulation to combine the output of multiple models in a way that minimizes detection delay. When evaluated on 380 samples from the Kasperskey Tennessee Eastman process dataset, a simulated chemical process that includes disruptions from cyber attacks, the ensemble method reduced detection delay on attack data by 12% (55 minutes) on average when compared to the baseline method and was 9% (42 minutes) faster on average than the method which performed best on training data. | en_US |
| dc.description.statementofresponsibility | by Jessamyn Liu. | en_US |
| dc.format.extent | 123 pages | en_US |
| dc.language.iso | eng | en_US |
| dc.publisher | Massachusetts Institute of Technology | en_US |
| dc.rights | MIT theses may be protected by copyright. Please reuse MIT thesis content according to the MIT Libraries Permissions Policy, which is available through the URL provided. | en_US |
| dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | en_US |
| dc.subject | Operations Research Center. | en_US |
| dc.title | Anomaly detection methods for detecting cyber attacks in industrial control systems | en_US |
| dc.type | Thesis | en_US |
| dc.description.degree | S.M. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Operations Research Center | en_US |
| dc.contributor.department | Sloan School of Management | |
| dc.identifier.oclc | 1227095727 | en_US |
| dc.description.collection | S.M. Massachusetts Institute of Technology, Sloan School of Management, Operations Research Center | en_US |
| dspace.imported | 2021-01-05T23:15:44Z | en_US |
| mit.thesis.degree | Master | en_US |
| mit.thesis.department | Sloan | en_US |
| mit.thesis.department | OperRes | en_US |
