Protecting the Industrial Control Systems (ICS) employed in public critical infrastructure is of utmost importance because of the catastrophic physical damage that cyberattacks may cause. The research community requires testbeds for validating and comparing intrusion detection algorithms that protect ICS. However, high barriers to entry exist for research and education in the ICS cybersecurity domain, owing to expensive hardware and software and the inherent dangers of manipulating real-world systems. To close this gap, we build upon recently developed 3D high-fidelity simulators and showcase our integrated framework, which automatically launches cyberattacks, collects data, trains machine learning models, and evaluates them on practical chemical and manufacturing processes. On our testbed, we validate our proposed intrusion detection model, Minimal Threshold and Window SVM (MinTWin SVM), which applies unsupervised machine learning via a one-class SVM in combination with a sliding window and a classification threshold. Results show that MinTWin SVM minimizes false positives and is responsive to physical process anomalies. Furthermore, we incorporate our framework into ICS cybersecurity education by using our dataset in an undergraduate machine learning course, where students gain hands-on experience applying machine learning theory to a practical ICS dataset. All of our implementations have been open-sourced.
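The following added example (not the authors' open-sourced implementation) shows how a sliding window and a classification threshold placed over one-class SVM verdicts can suppress isolated false positives while still reacting to a sustained process anomaly. The combination rule, the `WINDOW` and `THRESHOLD` values, the SVM parameters and the two-variable data stream are all assumptions constructed for illustration.

```python
import numpy as np
from sklearn.svm import OneClassSVM

WINDOW = 20       # samples per sliding window (assumed value)
THRESHOLD = 0.6   # outlier fraction within a window that raises an alarm (assumed value)

def make_stream(seed=7):
    """Constructed data: two standardized process variables; the anomaly starts at index 300."""
    rng = np.random.default_rng(seed)
    train = rng.normal(0.0, 1.0, size=(500, 2))   # attack-free operation used for training
    normal = rng.normal(0.0, 1.0, size=(300, 2))  # attack-free part of the monitored stream
    attack = rng.normal(0.0, 1.0, size=(100, 2))
    attack[:, 0] += 6.0                           # sustained shift in one process variable
    return train, np.vstack([normal, attack])

def raw_flags(train, stream):
    """Per-sample one-class SVM verdicts: True where a sample is classified as an outlier."""
    model = OneClassSVM(kernel="rbf", nu=0.05, gamma=0.5).fit(train)
    return model.predict(stream) == -1

def windowed_alarms(flags, window=WINDOW, threshold=THRESHOLD):
    """Alarm at sample i when the outlier fraction over the last `window` samples >= threshold."""
    csum = np.concatenate([[0.0], np.cumsum(flags.astype(float))])
    alarms = np.zeros(len(flags), dtype=bool)
    for i in range(window - 1, len(flags)):
        frac = (csum[i + 1] - csum[i + 1 - window]) / window
        alarms[i] = frac >= threshold
    return alarms

def run():
    """Compare raw SVM flags with windowed alarms on the constructed stream."""
    train, stream = make_stream()
    flags = raw_flags(train, stream)
    alarms = windowed_alarms(flags)
    return {
        "raw_false_positives": int(flags[:300].sum()),        # isolated flags before the anomaly
        "windowed_false_positives": int(alarms[:300].sum()),  # alarms before the anomaly
        "first_alarm": int(np.argmax(alarms)) if alarms.any() else -1,
    }

if __name__ == "__main__":
    print(run())
```

A larger window or higher threshold lowers the false-alarm rate further but delays the first alarm after the anomaly begins, which is the trade-off a detector of this kind has to tune.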