Protecting cyber physical production systems using anomaly detection to enable self-adaptation

The industrial world is going through its fourth revolution, also known as Industry 4.0. Modern industrial processes leverage advanced IT technologies to increase productivity and often combine multiple system concepts such as the Internet of Things (IoT), Cyber Physical Systems (CPS) and Cloud Computing. Cyber Physical Production Systems (CPPS) are key enablers of this revolution. In CPPS, raw materials, machines, and operations are interconnected to form a sophisticated network. Protecting them against advanced cyber threats is a priority concern for the future implementation of Industry 4.0 applications. Any impairment of such systems can in fact lead to catastrophic damage, resulting in substantial financial loss for governments and companies and endangering the safety of society. The need for high availability and reliability of these systems is therefore the pillar guiding our research. This paper proposes the adoption of anomaly detection as a method to support self-adaptation in CPPS and to ensure flexibility, reliability, and protection of industrial environments against modern cyber threats. An anomaly detection mechanism can be employed to monitor and learn the normal behavior of an industrial system, and to generate alerts when the observed events indicate abnormal activities. We base our work on this concept, and we demonstrate how the timely identification of critical security events can enable, through self-adaptation (e.g., triggering automatic configuration changes), efficient protection of the CPPS against advanced threats and effective containment of their effects.
