Distance Concept Based Filter Approach for Detection of Cyberattacks on Industrial Control Systems

Industrial Control Systems (ICS) have become a new target for attackers since the beginning of the century. The Stuxnet computer worm demonstrated the vulnerability of these systems to cyber-attacks. The control-command architecture is built to ensure the safety and reliability of the system and its environment; however, several attacks and studies have underlined the lack of protection of the components in an ICS. They have also shown that the solutions proposed by information technology (IT) are incomplete. This paper presents an innovative approach to intrusion detection in ICS, based on the notions of states and of distance between sets of states. Assessing the distance over time between common and forbidden states of the system makes it possible to predict and discriminate deviations. The proposed algorithm continuously analyses the orders sent to actuators and makes it possible to stop orders that are dangerous for the system. The study is supported by simulations inspired by classical ICS.
