PROCESS SEMANTIC BASED CAUSAL MAPPING FOR SECURITY MONITORING AND ASSESSMENT OF CONTROL NETWORKS

摘要

Systems and methods are disclosed for security assessment in an Industrial Control System (ICS). A plurality of agents, disposed in the network at different control levels of the ICS, collects data including process variables related to control processes. A causal mapping module constructs a causal graph of nodes by mapping each of the process variables to a node, mapping semantics based directional relationships to edges between nodes, and assigning edge weights based on calculated pairwise causality measurements between nodes. An anomaly detection module analyzes dynamics of the causal graph over time to detect an anomaly in response to observing an abnormal edge weight evolution. A security assessment module performs a security assessment for a target node in the causal graph by assessing a criticality threshold for the target node based on number of causal relationships with the target node.