Abstract
Industrial Control Systems (ICS) are integrated into many areas and critical infrastructures, from manufacturing systems to energy production and distribution networks. Originally, these systems were designed to ensure the productivity and reliability of a system. Since the beginning of the century, ICS have been targeted by hackers who use vulnerabilities in the control-command architecture and components to physically damage the system and its environment. These vulnerabilities are induced by the introduction of Information Technology (IT), which brings major improvements such as communication speed or standardization of architecture. However, despite these advantages, IT provides incomplete or incompatible solutions from a security point of view for ICS. This paper presents an innovative approach for detecting intrusions in ICS based on different works in the safety and security fields. By coupling the Filter Approach with the theory of Intrusion Detection Systems (IDS), we propose an approach to detect and block orders that could damage the system. Moreover, the notion of distance between states is developed to anticipate potential attacks and distinguish cyberattacks from classical failures. The study is supported by simulation inspired by classical ICS and industrial platforms.
Notes
1. Fipway is no longer supported by Schneider Electric, which focuses on Ethernet-based protocols.
Acknowledgments
This research was supported by the Direction Generale de l’Armement (DGA) Maîtrise de l’Information based in Bruz, France.
Copyright information
© 2018 Springer International Publishing AG
About this chapter
Cite this chapter
Sicard, F., Zamai, É., Flaus, JM. (2018). Critical States Distance Filter Based Approach for Detection and Blockage of Cyberattacks in Industrial Control Systems. In: Sayed-Mouchaweh, M. (eds) Diagnosability, Security and Safety of Hybrid Dynamic and Cyber-Physical Systems. Springer, Cham. https://doi.org/10.1007/978-3-319-74962-4_5
DOI: https://doi.org/10.1007/978-3-319-74962-4_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-74961-7
Online ISBN: 978-3-319-74962-4
eBook Packages: Engineering, Engineering (R0)