TY - JOUR
T1 - Detecting stealthy attacks on industrial control systems using a permutation entropy-based method
AU - Hu, Yan
AU - Li, Hong
AU - Luan, Tom H.
AU - Yang, An
AU - Sun, Limin
AU - Wang, Zhiliang
AU - Wang, Rui
N1 - Publisher Copyright:
© 2018 Elsevier B.V.
PY - 2020/7
Y1 - 2020/7
N2 - Modern Industrial Control Systems (ICS) exhibit increasing connectivity to corporate Internet Technology (IT) networks so as to make use of the rich resources in IT networks. The increasing interaction between ICS and the outside IT world, however, has made them an attractive target for a variety of cyber attacks, raising a great need to secure the ICS. In ICS, skilled attackers can manipulate sensor readings or control signals until the system crashes, while still keeping the attack process hidden by closely following the expected behavior of the system. This kind of attack is called a stealthy attack, and it cannot be detected by traditional intrusion detection methods in which only the magnitudes of residuals are evaluated. In this paper, we show that the residuals generated during a stealthy attack present some sort of regularity besides the magnitudes. Based on this observation, we propose a novel permutation entropy-based approach to detect stealthy attacks on ICS. The permutation entropy can characterize the non-randomness contained in the residuals so as to distinguish the residuals during a stealthy attack from a random series effectively. A significant change of the permutation entropy indicates the occurrence of a stealthy attack. Finally, we conduct comprehensive experiments to verify the effectiveness of the proposed stealthy attack detection approach.
KW - Industrial control systems
KW - Intrusion detection systems
KW - Permutation entropy
KW - Stealthy attacks
UR - https://www.scopus.com/pages/publications/85052062165
U2 - 10.1016/j.future.2018.07.027
DO - 10.1016/j.future.2018.07.027
M3 - Article
AN - SCOPUS:85052062165
SN - 0167-739X
VL - 108
SP - 1230
EP - 1240
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -