Anomaly Detection Scheme Using Time Series Analysis for Industrial Control Systems

To improve the detecting accuracy of malicious traffic in industrial control systems(ICS),an innovative approach based on structural time series model is proposed. Industrial Ethernet traffic can be decomposed into four components. Each component is established by a state space model respectively,which brings out high fitting precision. Therefore compared with X-12,the average positive rate of this method increases by 38%. In the meanwhile,this method provides a way to decrease false positive rate and time complexity.