International Conference

On the Attack Detection Performance of Information-theoretic Method in Industrial Control System
 Authors
 T. Nishiuchi, Y. Abe, Y. Watanabe, M. Iwamoto, K. Sawada, and S. Shin
 Conference
 IECON 2024
 Publisher
 IEEE
 Year of publication
 2024
(To appear)

Abstract
Several relative entropy-based methods have been studied for cyberattack detection in control systems. Most existing studies set the threshold values of relative entropy by trial and error such that their error probabilities become small. Meanwhile, information theory clarifies the relationship between threshold values and error probabilities in likelihood ratio tests. Information theory also clarifies the relationship between relative entropy and the likelihood ratio test. To set the threshold theoretically, the authors have investigated the relationship between relative entropy and the likelihood ratio test using experimental data from DoS attacks and man-in-the-middle attacks on control communication (Modbus TCP). This paper investigates the relationship between threshold values and error probabilities in actual experiments. Error probabilities are classified as false positive rates and false negative rates. The Neyman-Pearson lemma shows how to construct a detector that considers the tradeoff between false positive and false negative rates. Stein's lemma shows how to give optimal threshold values. We build a detector from the two lemmas that consider the tradeoff with probability models of delay time between Response and ACK of Modbus TCP. We conduct experiments and discuss optimal threshold setting methods in the sense that the false positive rates cannot be further reduced when false positive rates are fixed.