Real-Time SCADA Attack Detection by Means of Formal Methods

SCADA control systems use programmable logic controller to interface with critical machines. SCADA systems are used in critical infrastructures, for instance, to control smart grid, oil pipelines, water distribution and chemical manufacturing plants: an attacker taking control of a SCADA system could cause various damages, both to the infrastructure but also to people (for instance, adding chemical substances into a water distribution systems). In this paper we propose a method to detect attacks targeting SCADA systems. We exploit model checking, in detail we model logs from SCADA systems into a network of timed automata and, through timed temporal logic, we characterize the behaviour of a SCADA system under attack. Experiments performed on a SCADA water distribution system confirmed the effectiveness of the proposed method.

[1]  Antonella Santone,et al.  Car hacking identification through fuzzy logic algorithms , 2017, 2017 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE).

[2]  Aiko Pras,et al.  Towards periodicity based anomaly detection in SCADA networks , 2012, Proceedings of 2012 IEEE 17th International Conference on Emerging Technologies & Factory Automation (ETFA 2012).

[3]  Coroiu Nicolae,et al.  SCADA: Supervisory Control and Data Acquisition , 2015 .

[4]  Antonella Santone,et al.  Infer Gene Regulatory Networks from Time Series Data with Probabilistic Model Checking , 2015, 2015 IEEE/ACM 3rd FME Workshop on Formal Methods in Software Engineering.

[5]  Antonella Santone,et al.  De novo reconstruction of gene regulatory networks from time series data, an approach based on formal methods. , 2014, Methods.

[6]  Ron Kohavi,et al.  Supervised and Unsupervised Discretization of Continuous Features , 1995, ICML.

[7]  Antonella Santone,et al.  Heuristic search for equivalence checking , 2014, Software & Systems Modeling.

[8]  Dayu Yang,et al.  Anomaly-Based Intrusion Detection for SCADA Systems , 2006 .

[9]  Julio J. Melero,et al.  Using high-frequency SCADA data for wind turbine performance monitoring: A sensitivity study , 2019, Renewable Energy.

[10]  Ulf Lindqvist,et al.  Using Model-based Intrusion Detection for SCADA Networks , 2006 .

[11]  Rajeev Alur,et al.  A Theory of Timed Automata , 1994, Theor. Comput. Sci..

[12]  Gerardo Canfora,et al.  Composition-Malware: Building Android Malware at Run Time , 2015, 2015 10th International Conference on Availability, Reliability and Security.

[13]  Avi Ostfeld,et al.  Battle of the Attack Detection Algorithms: Disclosing Cyber Attacks on Water Distribution Networks , 2018, Journal of Water Resources Planning and Management.

[14]  Vinay M. Igure,et al.  Security issues in SCADA networks , 2006, Comput. Secur..