Denial of service attacks on network-based control systems: impact and mitigation

Replacing specialized industrial networks with the Internet is a growing trend in industrial informatics, where packets are used to transmit feedback and control signals between a plant and a controller. Today, denial of service (DoS) attacks cause significant disruptions to the Internet, which will threaten the operation of network-based control systems (NBCS). In this paper, we propose two queueing models to simulate the stochastic process of packet delay jitter and loss under DoS attacks. The motivation is to quantitatively investigate how these attacks degrade the performance of NBCS. The example control system consists of a proportional-integral controller, a second-order plant, and two one-way delay vectors induced by attacks. The simulation results indicate that the Model I attack (a local network DoS attack) impairs performance because a large number of NBCS packets are lost. The Model II attack (a nonlocal network DoS attack) deteriorates performance or even destabilizes the system; in this case, the traffic for NBCS exhibits strong autocorrelation of delay jitter and packet loss. Mitigating measures based on packet filtering are discussed and shown to be capable of ameliorating the performance degradation.
