Multi-level anomaly detection in industrial control systems via package signatures and LSTM networks

We outline an anomaly detection method for industrial control systems (ICS) that combines the analysis of network package contents that are transacted between ICS nodes and their time-series structure. Specifically, we take advantage of the predictable and regular nature of communication patterns that exist between so-called field devices in ICS networks. By observing a system for a period of time without the presence of anomalies we develop a base-line signature database for general packages. A Bloom filter is used to store the signature database which is then used for package content level anomaly detection. Furthermore, we approach time-series anomaly detection by proposing a stacked Long Short Term Memory (LSTM) network-based softmax classifier which learns to predict the most likely package signatures that are likely to occur given previously seen package traffic. Finally, by the inspection of a real dataset created from a gas pipeline SCADA system, we show that an anomaly detection scheme combining both approaches can achieve higher performance compared to various current state-of-the-art techniques

A New Generation of X-ray Baggage Scanners Based on a Different Physical Principle

X-ray baggage scanners play a basic role in the protection of airports, customs, and other strategically important buildings and infrastructures. The current technology of baggage scanners is based on x-ray attenuation, meaning that the detection of threat objects relies on how various objects differently attenuate the x-ray beams going through them. This capability is enhanced by the use of dual-energy x-ray scanners, which make the determination of the x-ray attenuation characteristics of a material more precise by taking images with different x-ray spectra, and combining the information appropriately. However, this still has limitations whenever objects with similar attenuation characteristics have to be distinguished. We describe an alternative approach based on a different x-ray interaction phenomenon, x-ray refraction. Refraction is a familiar phenomenon in visible light (e.g., what makes a straw half immersed in a glass of water appear bent), which also takes place in the x-ray regime, only causing deviations at much smaller angles. Typically, these deviations occur at the boundaries of all objects. We have developed a system that, like other “phase contrast” based instruments, is capable of detecting such deviations, and therefore of creating precise images of the contours of all objects. This complements the material-related information provided by x-ray attenuation, and helps contextualizing the nature of the individual objects, therefore resulting in an increase of both sensitivity (increased detection rate) and specificity (reduced rate of false positives) of baggage scanners