
Graduate student: 郭三泰 (SAN-TAI KUO)
Thesis title: Anomaly Detection of Industrial Control Systems Using Multi-level Convolutional Neural Networks
Advisor: 吳宗成 (Tzong-Chen Wu)
Oral defense committee: 羅乃維 (Nai-Wei Lo), 何煒華 (Wei-Hua He)
Degree: Master
Department: College of Management - Department of Information Management
Year of publication: 2023
Academic year of graduation: 111
Language: Chinese
Number of pages: 55
Keywords: Industrial Control Systems, Convolutional Neural Networks, Anomaly Detection
  • With the growth of industrial informatization, many factories have adopted information systems, which has made their industrial control systems more convenient to operate. Industrial control systems are both important and widely deployed, in settings that include power plants, the petrochemical industry, water facilities, subway anti-collision systems, and manufacturing. When an industrial control system is attacked or behaves abnormally, the result is not only financial loss; more seriously, it can endanger personal safety. To preserve the real-time operation and availability of industrial control systems, the common approach today is to bring the anomaly detection mechanisms of traditional information networks into the industrial control system, but their accuracy is still insufficient. Deep learning has advanced in recent years and achieves good accuracy in common applications such as image recognition, face recognition, and natural language processing. Within deep learning, convolutional neural networks are the most widely used.
    Building on the one-dimensional convolutional neural network (1D CNN), this study proposes an anomaly detection model for industrial control systems. It trains multi-layer 1D CNN anomaly detection models and detects anomalies by converting the values inside packets into time series. Based on the training results, an 8-layer 1D CNN can be used when packet lengths are the same; when packet lengths differ, a combination of a 4-layer 1D CNN and a 1-layer long short-term memory (LSTM) network can be used. Because of the characteristics of the 1D CNN, training time is shortened by more than 5 times, and the model can be trained on a CPU alone without a GPU. This lowers hardware cost and allows an anomaly detection model to be built more quickly when new anomalous behavior appears.

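    Abstract (Chinese)
    Abstract
    Acknowledgements
    Table of Contents
    List of Figures
    List of Tables
    Chapter 1 Introduction
      1.1 Research Background and Motivation
      1.2 Research Objectives
      1.3 Thesis Structure
      1.4 Research Limitations
    Chapter 2 Background Knowledge on Industrial Control System Security
      2.1 Industrial Control Systems
        2.1.1 Supervisory Control and Data Acquisition Systems
        2.1.2 System Functions
      2.2 Industrial Control Networks
        2.2.1 Purdue Model
        2.2.2 Process Automation Protocols
        2.2.3 Potential Weaknesses of Supervisory Control and Data Acquisition Systems
      2.3 Threat Analysis
        2.3.1 Unavailability
        2.3.2 False Response Information
        2.3.3 Malicious Control
      2.4 Defense Mechanisms
        2.4.1 Defense Mechanisms Against Unavailability
        2.4.2 Defense Mechanisms Against False Response Information
        2.4.3 Defense Mechanisms Against Malicious Control
    Chapter 3 Convolutional Neural Networks and Related Research on Their Application to Industrial Control System Security
      3.1 Convolutional Neural Networks
        3.1.1 Convolution
        3.1.2 Pooling Layer
        3.1.3 Fully Connected Layer
        3.1.4 Activation Functions
        3.1.5 One-Dimensional Convolutional Neural Networks
      3.2 Long Short-Term Memory Neural Networks
      3.3 Related Research on Application to Industrial Control System Security
    Chapter 4 Building the Industrial Control System Anomaly Detection Model
      4.1 Secure Water Treatment Testbed Dataset
        4.1.1 Architecture of the Secure Water Treatment Testbed
        4.1.2 Attack Types Present
      4.2 Anomaly Detection Model Based on Multi-layer One-Dimensional Convolutional Neural Networks
        4.2.1 Detection Model Architecture
        4.2.2 Detection Model Workflow
    Chapter 5 Model Experiments and Analysis
      5.1 Experimental Environment
      5.2 Evaluation Metrics
      5.3 Experimental Results and Analysis
    Chapter 6 Conclusions and Future Research Directions
      6.1 Conclusions
      6.2 Future Research Directions
    References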
