A Framework Based on Bag of Feature and CatBoost for Attack Detection and Attribution in Industrial Control Systems
Critical infrastructures are increasingly being connected to public networks aiming to boost operational efficiency. This exposes them to a wide range of cyberattacks. On the other hand, critical infrastructures are heavily relying on Industrial Control Systems (ICSs) for providing uninterrupted services. Due to the large number of ICS devices and vast geographical distance among them in a typical critical infrastructure network, we cannot rely on human-based cyberattack detection methods. In this regard, machine learning based solutions have been developed by researchers. The goal of this thesis is to develop a framework based on Semi-Deep Learning (SDL) for accurate detection and attribution of cyberattacks in ICSs. To this end, we propose a framework based on Bag of Feature (BoF) for accurate detection of cyberattacks. and utilizes Categorical Boosting (CatBoost) as the base predictor for attack attribution in ICSs. We refer to the proposed technique as ADA-BC (Attack Detection and Attribution using BoF and CatBoost). ADA-BC remarkably improves the accuracy of attack detection and attribution in ICSs.