Methods from machine learning are being applied to design Industrial Control Systems resilient to cyber-attacks. Such methods focus on two major areas: the detection of intrusions at the network level using the information acquired through network packets, and the detection of anomalies at the physical process level using data that represents the physical behavior of the system. This survey focuses on four types of methods from machine learning in use for intrusion and anomaly detection, namely, supervised, semi-supervised, unsupervised, and reinforcement learning. Literature available in the public domain was carefully selected, analyzed, and placed in a 7-dimensional space for ease of comparison. The survey is targeted at researchers, students, and practitioners. Challenges associated with using the methods and research gaps are identified, and recommendations are made to fill the gaps.