Detecting control system misbehavior by fingerprinting programmable logic controller functionality

In recent years, attacks such as the Stuxnet malware have demonstrated that cyberattacks against control systems cause extensive damage. These attacks can result in physical damage to the networked systems under their control. In this paper, we discuss our approach for detecting such attacks by dist...

Full description

Saved in:
Bibliographic Details
Published in:International journal of critical infrastructure protection 2019-09, Vol.26, p.100306, Article 100306
Main Authors: Stockman, Melissa, Dwivedi, Dipankar, Gentz, Reinhard, Peisert, Sean
Format: Article
Language:English
Subjects:
cyber-physical systems
cybersecurity
machine learning
MATHEMATICS AND COMPUTING
programmable logic controller
side channels
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In recent years, attacks such as the Stuxnet malware have demonstrated that cyberattacks against control systems cause extensive damage. These attacks can result in physical damage to the networked systems under their control. In this paper, we discuss our approach for detecting such attacks by distinguishing between programs running on a programmable logic controller (PLC) without having to monitor communications. Using power signatures generated by an attached, high-frequency power measurement device, we can identify what a PLC is doing and when an attack may have altered what the PLC should be doing. To accomplish this, we generated labeled data for testing our methods and applied feature engineering techniques and machine learning models. The results demonstrate that Random Forests and Convolutional Neural Networks classify programs with up to 98% accuracy for major program differences and 84% accuracy for minor differences. Our results can be used for both online and offline applications.
ISSN:1874-5482
2212-2087
DOI:10.1016/j.ijcip.2019.100306