Behavior Prediction for Industrial Control System

  • Shen WangEmail author
  • An Huang
  • Zhongchuan Fu
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 463)


While the Industrial control system(ICS) is making great progress for the society, it is facing a huge security risk at the same time. There are some methods like upgrading system and updating patches to protect the ICS, but they are inevitable lagging behind anyway. Byte-level is useful for network intrusion detection and does not need knowledge of the device to be detected. Based on the network data in the industrial control system, we propose an adaptive DBSCAN clustering method for extracting the control instructions in the data packet, and then learning these instructions with the n-gram model. According to received instructions, we are able to predict the next possible instruction. Whether the system is being attacked can be recommended by comparing the instruction that we forecast with the real instruction. Experiments show that the behavior prediction has high accuracy.


ICS Adaptive DBSCAN Behavior prediction N-gram 


  1. 1.
    Oaz, A., Ross, K., Low, R.M., Stamp, M.: HTTP attack detection using n-gram analysis. Comput. Secur. 45, 242–254 (2014)Google Scholar
  2. 2.
    Ienco, D., Bordogna, G.: Fuzzy extensions of the DBScan clustering algorithm. Soft comput. (2016).
  3. 3.
    Antunes, J., Neves, N., Verissimo, P.: Reverse engineering of protocols from network traces. In: 2011 18th Working Conference on Reverse Engineering (WCRE), pp. 169–178 (2011).
  4. 4.
    Narayan, J., Shukla, S.K., Clancy, T.C.: A survey of automatic protocol reverse engineering tools. ACM Comput. Surv. 48(3), 40 (2015)Google Scholar
  5. 5.
    Caballero, J., Song, D.: Automatic protocol reverse-engineering: message format extraction and field semantics inference. Int. J. Comput. Telecommun. Netw. 57(2), 451–474 (2013)Google Scholar
  6. 6.
    Ram, A.: A density based algorithm for discovering density varied clusters in large spatial databases. Int. J. comput. Appl. 3(6), 1–4 (2010)Google Scholar
  7. 7.
    Needleman, S.B., Wunsch, C.D.: A general method applicable to the search for similarities in the amino acid sequence of two proteins. J. Mol. Biol. 48, 443–453 (1970)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.Harbin Institute of TechnologyHarbinChina
  2. 2.Computer Science and TechnologyHarbin Institute of TechnologyHarbinChina

Personalised recommendations