A Forensic Logging System for Siemens Programmable Logic Controllers

Critical infrastructure assets are monitored and managed by industrial control systems. In recent years, these systems have evolved to adopt common networking standards that expose them to cyber attacks. Since programmable logic controllers are core components of industrial control systems, forensic examinations of these devices are vital during responses to security incidents. However, programmable logic controller forensics is a challenging task because of the lack of effective logging systems.
