Countering targeted cyber-physical attacks using anomaly detection in self-adaptive Industry 4.0 Systems

Abwehr zielgerichteter cyber-physischer Angriffe mittels Anomalie-Erkennung in selbstadaptiven Industrie-4.0-Systemen

Abstract

This paper presents a novel approach to flexibly control the depth of monitoring applied to CPS-enabled safety-critical infrastructures, to timely detect deviations from the desired operational status, and discusses how the application of anomaly detection (AD) techniques can be further leveraged to automatically adapt the security controls of the infrastructure itself.

Summary

This paper presents a novel approach to flexibly control the degree of monitoring in CPS-enabled safety-critical infrastructures, in order to detect deviations from the desired operational state in time, and discusses how anomaly detection techniques can be used to automatically adapt the security controls of the infrastructure.


Notes

  1. Open Web Application Security Project (OWASP): The free and open software security community, http://www.owasp.org/.

  2. As further described in the following, in our work we adopted our log-based white-listing anomaly detection approach named AECID [17].

  3. https://aecid.ait.ac.at/.

References

  1. Arcaini, P., Riccobene, E., Scandurra, P. (2015): Modeling and analyzing MAPE-K feedback loops for self-adaptation. In Proceedings of the 10th international symposium on software engineering for adaptive and self-managing systems (pp. 13–23). New York: IEEE Press.

  2. Chandola, V., Banerjee, A., Kumar, V. (2009): Anomaly detection: a survey. ACM Comput. Surv., 41(3), 15.

  3. Hankel, M., Rexroth, B. (2015): The reference architectural model Industrie 4.0 (RAMI 4.0). Frankfurt a. M.: ZVEI.

  4. Industrial Internet Consortium (2016): Industrial internet of things, vol. G4: security framework. Needham: Industrial Internet Consortium.

  5. Kephart, J. O., Chess, D. M. (2003): The vision of autonomic computing. Computer, 36(1), 41–50.

  6. Lasi, H., Fettke, P., Kemper, H.-G., Feld, T., Hoffmann, M. (2014): Industry 4.0. Bus. Inf. Syst. Eng., 6(4), 239.

  7. Liebi, M. (2016): Industry 4.0 and the impact on cybersecurity. Bern: United Security Providers.

  8. Ma, Z., Hudic, A., Shaaban, A., Plosz, S. (2017): Security viewpoint in a reference architecture model for cyber-physical production systems. In 2017 IEEE European symposium on security and privacy workshops, EuroS&PW (pp. 153–159). New York: IEEE Press.

  9. Muccini, H., Sharaf, M., Weyns, D. (2016): Self-adaptation for cyber physical systems: a systematic literature review. In Proceedings of the 11th international symposium on software engineering for adaptive and self-managing systems (pp. 75–81). New York: ACM.

  10. Musil, A., Musil, J., Weyns, D., Bures, T., Muccini, H., Sharaf, M. (2017): Patterns for self-adaptation in cyber-physical systems. In Multi-disciplinary engineering for cyber-physical production systems (pp. 331–368). Berlin: Springer.

  11. Om, H., Kundu, A. (2012): A hybrid system for reducing the false alarm rate of anomaly intrusion detection system. In 2012 1st international conference on recent advances in information technology, RAIT (pp. 131–136). New York: IEEE Press.

  12. Pereira, T., Barreto, L., Amaral, A. (2017): Network and information security challenges within Industry 4.0 paradigm. Proc. Manuf., 13, 1253–1260.

  13. Settanni, G., Skopik, F., Karaj, A., Wurzenberger, M., Fiedler, R. (2018): Protecting cyber physical production systems using anomaly detection to enable self-adaptation. In 1st IEEE international conference on industrial cyber physical systems, ICPS 2018 (pp. 173–180). New York: IEEE Press.

  14. Skopik, F. (2017): Collaborative cyber threat intelligence: detecting and responding to advanced cyber attacks at the national level. Boca Raton: CRC Press.

  15. Tauber, M., Kirby, G., Dearle, A. (2010): Self-adaptation applied to peer-set maintenance in chord via a generic autonomic management framework. In 2010 fourth IEEE international conference on self-adaptive and self-organizing systems workshop, SASOW (pp. 9–16). New York: IEEE Press.

  16. Thonnard, O., Bilge, L., O'Gorman, G., Kiernan, S., Lee, M. (2012): Industrial espionage and targeted attacks: understanding the characteristics of an escalating threat. In International workshop on recent advances in intrusion detection (pp. 64–85). Berlin: Springer.

  17. Wurzenberger, M., Skopik, F., Settanni, G., Fiedler, R. (2018): AECID: a self-learning anomaly detection approach based on light-weight log parser models. In 4th international conference on information systems security and privacy, ICISSP 2018, January 22–24, 2018, Funchal, Madeira, Portugal. Setubal: INSTICC.

Acknowledgements

This work was partly funded by the Austrian FFG research project synERGY (855457) and the European ECSEL project SEMI 4.0 (692466).

Author information

Corresponding author: Florian Skopik.


Cite this article

Settanni, G., Skopik, F., Wurzenberger, M. et al. Countering targeted cyber-physical attacks using anomaly detection in self-adaptive Industry 4.0 Systems. Elektrotech. Inftech. 135, 278–285 (2018). https://doi.org/10.1007/s00502-018-0615-6


Keywords

  • security monitoring
  • log data
  • anomaly detection
  • security metrics
  • self-adaptive system