DOI: 10.14569/IJACSA.2023.0140636

Real-Time Intrusion Detection of Insider Threats in Industrial Control System Workstations Through File Integrity Monitoring

Author 1: Bakil Al-Muntaser
Author 2: Mohamad Afendee Mohamed
Author 3: Ammar Yaseen Tuama

International Journal of Advanced Computer Science and Applications(IJACSA), Volume 14 Issue 6, 2023.

Abstract: Industrial control systems (ICS) play a crucial role in various industries and ensuring their security is paramount for maintaining process continuity and reliability. In ICS, the most damaging cyber-attacks often come from trusted insiders rather than external threats or malware. Insiders have the advantage of bypassing security measures and staying undetected. This research focuses on developing a real-time intrusion detection system for ICS workstations that effectively detects insider threats while prioritizing user privacy. The approach employs file integrity monitoring to identify suspicious activities, particularly file violations such as data tampering and destruction. The model presented in this research demonstrates low system resource consumption by utilizing an event-triggered approach instead of continuous polling of file data. The model leverages built-in operating system functions, eliminating the need for third-party software installation. To minimize disruptions to the ICS network, the model operates at the supervisory level within the ICS architecture. Through extensive testing, the model achieves a high level of accuracy, detecting insider intrusions with a high true positive rate. This reliable detection capability contributes to enhancing the security of ICS and mitigating the risks associated with insider threats. By implementing this real-time intrusion detection system, organizations can effectively protect their control systems while preserving user privacy.

Keywords: Industrial control system; insider threats; intrusion detection; file integrity monitoring; SCADA security

Bakil Al-Muntaser, Mohamad Afendee Mohamed and Ammar Yaseen Tuama, “Real-Time Intrusion Detection of Insider Threats in Industrial Control System Workstations Through File Integrity Monitoring” International Journal of Advanced Computer Science and Applications(IJACSA), 14(6), 2023. http://dx.doi.org/10.14569/IJACSA.2023.0140636

@article{Al-Muntaser2023,
title = {Real-Time Intrusion Detection of Insider Threats in Industrial Control System Workstations Through File Integrity Monitoring},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2023.0140636},
url = {http://dx.doi.org/10.14569/IJACSA.2023.0140636},
year = {2023},
publisher = {The Science and Information Organization},
volume = {14},
number = {6},
author = {Bakil Al-Muntaser and Mohamad Afendee Mohamed and Ammar Yaseen Tuama}
}


Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, even commercially as long as the original work is properly cited.

IJACSA

Upcoming Conferences

IntelliSys 2025

28-29 August 2025

Future Technologies Conference 2025

6-7 November 2025

Healthcare Conference 2026

21-22 May 2026

Computing Conference 2026

9-10 July 2026

IntelliSys 2026

3-4 September 2026

Computer Vision Conference 2026

15-16 October 2026