DOI: 10.1145/3424954.3424963
poster

Anomaly Detection in ICS based on Data-history Analysis

Published: 12 January 2021

ABSTRACT

Data of industrial control systems (ICS) are increasingly subject to cyber attacks, which should be detected by approaches such as anomaly detection before they can take effect. However, examples such as Stuxnet, Industroyer or Triton show that, despite all the precautions taken, it is still possible to overcome anomaly detection systems and cause damage. Similarly, damage can be caused by intentionally malicious or unintentional changes made by employees to the programming or configuration of ICS components. An example is an employee who unintentionally changes a machine's configuration to a higher temperature limit than it should have. The potential consequence would be that the machine overheats and breaks. The aim of the project MADISA (Machine Learning for Attack Detection Using Data of Industrial Control Systems) is to identify such anomalies in the data of ICS by examining the data sets and creating a machine learning system (MLS) based on heuristics over meta-data, configurations and code content. For this purpose, this poster provides a structured analysis of real-world projects from a German automobile manufacturer, which leads to first attributes in this unexplored approach of creating heuristics for anomaly detection on historic data in ICS.


    • Published in

      EICC '20: Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference
      November 2020
      72 pages
      ISBN:9781450375993
      DOI:10.1145/3424954

      Copyright © 2020 Owner/Author

      Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Qualifiers

      • poster
      • Research
      • Refereed limited