Filters based Approach with Temporal and Combinational Constraints for Cybersecurity of Industrial Control Systems

Abstract: Industrial Control Systems (ICS) are increasingly deployed in critical infrastructures. Originally designed to increase productivity as well as safety and reliability, these systems are now becoming targets for hackers. Several attacks have highlighted their vulnerabilities; the most relevant one, Stuxnet, struck in 2010. Protection of ICS against cyberattacks must therefore be considered. Securing these systems differs from IT security because the exchanged data have physical consequences. For that reason, a new approach to Intrusion Detection Systems (IDS) in ICS was presented, based on filters that monitor orders and reports. The methodology for obtaining these filters and their locations in the ICS architecture were introduced. In this paper, we present major improvements to the detection mechanisms of these filters. The distance concept, introduced in a previous paper (Sicard et al., 2017), is developed and combined with the trajectory concept, which allows filters to detect deviations from expected behavior. Distance from optimal or forbidden states is essential for computing the order sequence that brings the system back into safe states. Trajectory, which is the evolution of distance as the state evolves, improves the detection mechanism by analyzing the sequences sent to the system and received by the Programmable Logic Controller (PLC). This combinational security prevents damage to goods and people. Implementing time-based intrusion detection is a further step in improving the filters. Temporal windows indicate when actions have to be performed and whether received reports correspond to executed orders. Thus, our filter approach secures ICS against combinational and temporal attacks affecting the security of goods and people, or quality.
