Abstract
We are currently experiencing the fourth industrial revolution, which a German government initiative first identified as ‘Industry 4.0’. The future of manufacturing will be shaped by the new automation technologies being introduced with the Industrial Internet of Things (I2oT). Industrial Control Systems (ICSs) are exploiting I2oT to reduce costs and improve efficiency. However, ICSs are already jeopardized by an increasingly large set of threat vectors. Malicious actors use those threats to misuse physical Critical Infrastructures, which usually provide services vital for well-being. I2oT implementation increases the threat surface, generating new possible vulnerabilities. Classical Information Technology (IT) approaches to cyber attacks cannot be applied to ICSs because of their extreme differences, from main priorities to resource constraints. Therefore, innovative approaches and equipment must be developed to suit the ICS world. In this paper, a Smart Behavioural Filter (SBF) for PLCs (Programmable Logic Controllers) is proposed, aiming to secure the PLC itself against logic attacks, which are stealthy to other, more classical security approaches. An example of the considered logic attacks is many open and close commands sent to a valve in a short time. Those logic attacks are usually a sequence of well-formed packets whose content represents an anomalous and unpredicted behaviour. This smart field equipment can react quickly to cyber attacks by isolating the PLC, communicate with other equipment like itself, and in general increase the resilience of the physical system. It can also generate alarms for the local Intrusion Detection System (IDS). The proposed equipment has been developed and validated in a real test-bed within the FP7 CockpitCI project and the H2020 ATENA project.
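The valve example in the abstract can be expressed as a behavioural rule: every packet is well formed, and only the rate of state changes is anomalous. The sketch below is an added example, not the authors' SBF implementation; it assumes the commands arrive as Modbus/TCP Write Single Coil requests, and the class name, window length and toggle limit are hypothetical values chosen for illustration.

```python
import struct
from collections import defaultdict, deque

WRITE_SINGLE_COIL = 0x05   # Modbus function code (protocol choice is an assumption)
WINDOW_S = 10.0            # assumed observation window, in seconds
MAX_TOGGLES = 4            # assumed number of state changes allowed per window


def parse_write_coil(frame: bytes):
    """Return (unit, coil, is_on) for a well-formed Write Single Coil, else None."""
    if len(frame) != 12:   # 7-byte MBAP header + 5-byte PDU
        return None
    _tid, proto, length, unit, func, addr, value = struct.unpack(">HHHBBHH", frame)
    if proto != 0 or length != 6 or func != WRITE_SINGLE_COIL or value not in (0xFF00, 0):
        return None
    return unit, addr, value == 0xFF00


class BehaviouralFilter:
    """Hypothetical per-coil toggle-rate rule; blocked commands never reach the PLC."""
    def __init__(self, window=WINDOW_S, max_toggles=MAX_TOGGLES):
        self.window, self.max_toggles = window, max_toggles
        self.last_state = {}                 # (unit, coil) -> last forwarded state
        self.toggles = defaultdict(deque)    # (unit, coil) -> timestamps of toggles

    def check(self, ts: float, frame: bytes) -> str:
        cmd = parse_write_coil(frame)
        if cmd is None:
            return "pass"                    # not a coil write: outside this rule
        key, state = cmd[:2], cmd[2]
        times = self.toggles[key]
        while times and ts - times[0] > self.window:
            times.popleft()                  # forget toggles older than the window
        if key in self.last_state and self.last_state[key] != state:
            if len(times) >= self.max_toggles:
                return "block"               # too many toggles: drop and raise alarm
            times.append(ts)
        self.last_state[key] = state
        return "pass"


def coil_frame(tid, coil, on, unit=1):
    """Build a constructed Write Single Coil request for the sample trace."""
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, WRITE_SINGLE_COIL, coil, 0xFF00 if on else 0)


def run_constructed_trace():
    """Constructed trace: coil 7 (the 'valve') commanded open/close every 0.5 s."""
    f = BehaviouralFilter()
    return [f.check(i * 0.5, coil_frame(i, 7, i % 2 == 0)) for i in range(8)]
```

Because a blocked command is not recorded as the last forwarded state, a repeated command matching the valve's current position still passes while further toggles stay blocked until the window slides.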
Acknowledgments
The research paper is partially supported by the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 700581 (ATENA - Advanced Tools to Assess and Mitigate the Criticality of ICT Components and Their Dependencies over Critical Infrastructures) www.atena-h2020.eu.
Cite this article
Corbò, G., Foglietta, C., Palazzo, C. et al. Smart Behavioural Filter for Industrial Internet of Things. Mobile Netw Appl 23, 809–816 (2018). https://doi.org/10.1007/s11036-017-0882-1
DOI: https://doi.org/10.1007/s11036-017-0882-1