ProIDS: A Segmentation and Segregation-based Process-level Intrusion Detection System for Securing Critical Infrastructures
Computers in Industry (IF 8.2), Pub Date: 2024-08-21, DOI: 10.1016/j.compind.2024.104147
Vikas Maurya, Sandeep Kumar Shukla
Critical infrastructures (CIs) are highly susceptible to cyber threats due to their crucial role in the nation and society. Intrusion Detection Systems (IDS) are deployed at the process level to enhance CI security. These process-level IDSs are broadly categorized into univariate and multivariate systems. Our research underscores that both types of systems encounter limitations, especially in handling correlations among process variables (PVs). Univariate IDSs neglect correlations by assessing PVs in isolation, while multivariate IDSs capture these but are vulnerable to evasion attacks. In response, we introduce ProIDS, a novel segmentation and segregation-based process-level IDS. ProIDS leverages the inherent correlations among PVs while segregating them into distinct units to enhance security against evolving threats. This strategic approach ensures the capture of correlations and mitigates the risk of evasion attacks, enhancing the system’s ability to detect abnormal activities. Additionally, ProIDS offers non-parametric modeling for heightened performance, minimal computational overhead, and noise reduction properties. Our comprehensive experiments demonstrate ProIDS’s superiority over baseline methods, delivering precise detection of various attacks while maintaining operational efficiency.
Updated: 2024-08-21