Critical States Distance Filter Based Approach for Detection and Blockage of Cyberattacks in Industrial Control Systems

Industrial Control Systems (ICS) are integrated into many areas and critical infrastructures, from manufacturing systems to energy production and distribution networks. Originally, these systems were designed to ensure the productivity and reliability of a system. Since the beginning of the century, ICS have been targeted by hackers who use vulnerabilities in the control-command architecture and components to physically damage the system and its environment. These vulnerabilities are induced by the introduction of Information Technology (IT), which brings major improvements such as communication speed or standardization of architecture. However, despite these advantages, IT provides incomplete or incompatible solutions for ICS from a security point of view. This paper presents an innovative approach for detecting intrusions in ICS based on different works in the safety and security fields. By coupling the Filter Approach with the theory of Intrusion Detection Systems (IDS), we propose an approach to detect and block orders that could damage the system. Moreover, the notion of distance between states is developed to anticipate potential attacks and distinguish cyberattacks from classical failures. The study is supported by simulation inspired by classical ICS and industrial platforms.
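The sketch below is an added example, not code from the paper: it shows how an order filter can block an order whose predicted state is critical and raise an alert when an order moves the process closer to a critical state. The tank model, the order names and the distance definition (minimum number of orders needed to reach a critical state) are assumptions made for illustration; the abstract does not define them.

```python
from collections import deque

ORDERS = ("fill", "drain", "heater_on", "heater_off")
MAX_LEVEL = 4  # constructed tank model: level 0..4, heater on/off

def apply_order(state, order):
    """Plant model (assumed): state the process reaches if the order executes."""
    level, heater = state
    if order == "fill":
        level = min(level + 1, MAX_LEVEL)
    elif order == "drain":
        level = max(level - 1, 0)
    elif order == "heater_on":
        heater = True
    elif order == "heater_off":
        heater = False
    else:
        raise ValueError(f"unknown order: {order}")
    return (level, heater)

def is_critical(state):
    level, heater = state
    return level >= MAX_LEVEL or (heater and level == 0)  # overflow / dry heating

def distance(state):
    """Minimum number of orders from state to any critical state (BFS)."""
    seen, queue = {state}, deque([(state, 0)])
    while queue:
        current, hops = queue.popleft()
        if is_critical(current):
            return hops
        for order in ORDERS:
            nxt = apply_order(current, order)
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, hops + 1))
    return float("inf")

def filter_order(state, order):
    """Return (verdict, new_state): block, alert (distance shrinks) or pass."""
    nxt = apply_order(state, order)
    if is_critical(nxt):
        return "block", state  # order dropped, plant state unchanged
    verdict = "alert" if distance(nxt) < distance(state) else "pass"
    return verdict, nxt

def run(state, orders):
    """Feed a sequence of orders through the filter; collect the verdicts."""
    verdicts = []
    for order in orders:
        verdict, state = filter_order(state, order)
        verdicts.append(verdict)
    return verdicts, state
```

Starting from a half-full tank with the heater off, the constructed sequence `heater_on, drain, drain, fill` yields pass, alert, block, pass: the alert fires one order before the drain that would leave the heater running on an empty tank.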
