APPLICATION OF HIERARCHICAL CLUSTER ANALYSIS FOR CLUSTERING THE DATA OF ICS INFORMATION PROCESSES AFFECTED BY CYBERATTACKS
Abstract
The technical development of industrial automation tools and the growing integration of industrial and corporate networks increase the risk of successful cyberattacks. Such cyberattacks may involve gaining access to the control of important industrial installations, which entails the risk of stopping production or creating an emergency. Providing information security for industrial control systems (ICS) in practice requires the timely detection of cyberattacks, both known and unknown. These cyberattacks can be identified as anomalies in the dynamic processes that are regularly recorded during the operation of ICS. To detect attacks on ICS information systems, cluster analysis is used as one of the methods that implement anomaly detection. The application of hierarchical cluster analysis to clustering data of ICS information processes exposed to various cyberattacks is studied, and the problem of choosing the level of the cluster hierarchy that corresponds to the minimum set of clusters aggregating normal and abnormal data separately is solved. It is shown that Ward’s method implements the best division into clusters. The next stage of the study involves solving the problem of classifying the formed minimum set of clusters, that is, determining which cluster is normal and which cluster is abnormal.
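
The level-selection problem described in the abstract, as an added example that is not code from the paper: a standard-library Ward agglomeration that walks the hierarchy from the fewest clusters upward and returns the first level at which no cluster mixes normal and abnormal samples. The two features (tank level, pump flow), the sample values, the ground-truth labels and the purity criterion are assumptions made for illustration.

```python
from itertools import combinations

def ward_cost(a, b, pts):
    """Increase in within-cluster sum of squares if clusters a and b merge."""
    dims = range(len(pts[0]))
    ca = [sum(pts[i][d] for i in a) / len(a) for d in dims]
    cb = [sum(pts[i][d] for i in b) / len(b) for d in dims]
    dist2 = sum((x - y) ** 2 for x, y in zip(ca, cb))
    return len(a) * len(b) / (len(a) + len(b)) * dist2

def ward_levels(pts):
    """Return the partition at every hierarchy level, from n clusters down to 1."""
    clusters = [[i] for i in range(len(pts))]
    levels = [[c[:] for c in clusters]]
    while len(clusters) > 1:
        # Ward's method: merge the pair whose union adds the least variance.
        a, b = min(combinations(range(len(clusters)), 2),
                   key=lambda p: ward_cost(clusters[p[0]], clusters[p[1]], pts))
        merged = clusters[a] + clusters[b]
        clusters = [c for k, c in enumerate(clusters) if k not in (a, b)] + [merged]
        levels.append([c[:] for c in clusters])
    return levels

def min_pure_level(pts, labels):
    """Smallest set of clusters in which none mixes normal and abnormal samples."""
    for partition in reversed(ward_levels(pts)):  # fewest clusters first
        if all(len({labels[i] for i in c}) == 1 for c in partition):
            return partition
    return None  # not reached: the singleton level is always pure

# Constructed samples (tank level %, pump flow); not data from the paper.
NORMAL = [(50, 10), (51, 10), (49, 11), (50, 9)]
ATTACK_A = [(90, 10), (91, 11), (89, 10)]  # constructed: level driven high
ATTACK_B = [(50, 0), (51, 0), (49, 1)]     # constructed: flow forced to zero
POINTS = NORMAL + ATTACK_A + ATTACK_B
LABELS = [0] * len(NORMAL) + [1] * (len(ATTACK_A) + len(ATTACK_B))  # 1 = abnormal

if __name__ == "__main__":
    for cluster in min_pure_level(POINTS, LABELS):
        kind = "abnormal" if LABELS[cluster[0]] else "normal"
        print(kind, sorted(cluster))
```

On this constructed data the two-cluster level merges the normal samples with one of the attacks, so the minimum set that keeps normal and abnormal data apart has three clusters.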