A Prediction-Based Method for False Data Injection Attacks Detection in Industrial Control Systems

  • Lyes BayouEmail author
  • David Espes
  • Nora Cuppens-Boulahia
  • Frédéric Cuppens
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11391)


False data Injection attacks is an important security issue in Industrial Control Systems (ICS). Indeed, this kind of attack based on the manipulation and the transmission of corrupted sensing data, can lead to harmful consequences such as disturbing the infrastructure functioning, interrupting it or more again causing its destruction (overheating of a nuclear reactor). In this paper, we propose an unsupervised machine learning approach for false data injection attack detection. It uses a Recurrent Neural Network (RNN) for building a prediction model of expected sensing data. These latter are compared to received values and an alert security is raised if these values differ significantly.


  1. 1.
    Huang, Y.L., Cárdenas, A., Amin, S., Lin, Z.S., Tsai, H.Y., Sastry, S.: Understanding the physical and economic consequences of attacks on control systems. Int. J. Crit. Infrastruct. Prot. 2(3), 73–83 (2009)CrossRefGoogle Scholar
  2. 2.
    Rubio-Hernán, J., De Cicco, L., García-Alfaro, J.: Revisiting a watermark-based detection scheme to handle cyber-physical attacks. In: Proceedings - 2016 11th International Conference on Availability, Reliability and Security, ARES 2016 (2016) 21–28Google Scholar
  3. 3.
    Krotofil, M., Larsen, J., Gollmann, D.: The process matters : ensuring data veracity in cyber-physical systems. In: ACM Symposium on Information, Computer and Communications Security, pp. 133–144 (2015)Google Scholar
  4. 4.
    Adepu, S., Mathur, A.: Using process invariants to detect cyber attacks on a water treatment system. In: Hoepman, J.-H., Katzenbeisser, S. (eds.) SEC 2016. IAICT, vol. 471, pp. 91–104. Springer, Cham (2016). Scholar
  5. 5.
    Linda, O., Vollmer, T., Manic, M.: Neural network based intrusion detection system for critical infrastructures. In: 2009 International Joint Conference on Neural Networks, pp. 1827–1834 (2009)Google Scholar
  6. 6.
    Gollmann, D.: Veracity, plausibility, and reputation. In: Askoxylakis, I., Pöhls, H.C., Posegga, J. (eds.) WISTP 2012. LNCS, vol. 7322, pp. 20–28. Springer, Heidelberg (2012). Scholar
  7. 7.
    Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)CrossRefGoogle Scholar
  8. 8.
    Malhotra, P., Ramakrishnan, A., Anand, G., Vig, L., Agarwal, P., Shroff, G.: LSTM-based encoder-decoder for multi-sensor anomaly detection (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Lyes Bayou
    • 1
    Email author
  • David Espes
    • 2
  • Nora Cuppens-Boulahia
    • 1
  • Frédéric Cuppens
    • 1
  1. 1.IMT-Atlantique - LabSTICCCésson SévignéFrance
  2. 2.University of Western Brittany - LabSTICCBrestFrance

Personalised recommendations