Traffic Data Classification to Detect Man-in-the-Middle Attacks in Industrial Control System

Industrial Control Systems (ICS) are widely used in critical infrastructure in industries such as power, rail transit, and water conservancy. As the connection between the corporate network and the Internet continues to increase, the industrial control system has gradually become the target of hackers, which constantly threaten the personal safety of citizens. The Man-inthe-Middle (MITM) attack is one of the most famous attacks in the field of computer security. Once being used in the factory control network, it will not only cause data leakage, but also control the core industrial component PLC and cause serious security accidents. This paper proposes a method for classifying network traffic data in industrial control system to detect MITM attacks. In the simulation experiment, the method can identify normal and abnonnal data packets that have been tampered by the MITM, and the classification accuracy is up to 99.74%.