Advertisement

Engineering Edge Security in Industrial Control Systems

  • Piroska Haller
  • Béla Genge
  • Adrian-Vasile Duka
Chapter
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)

Abstract

Industrial Controllers (e.g., Programmable Logical Controllers – PLCs, and Remote Terminal Units – RTUs) have been specialized to deliver robust control strategies. However, little has been done towards the integration of security strategies within their application-layer. This chapter investigates the integration of security solutions within the industrial control system’s “edge” devices – the Industrial Controller (IC). As a specific case study it demonstrates the implementation of a simple anomaly detection engine traditional in control applications. The approach shows that the scheduling rate of control applications is significantly affected by various events, such as a change in the number of network packets, configuration interventions, etc. Implementations realized on a Phoenix Contact ILC 350-PN controller demonstrate the feasibility and applicability of the proposed methodology.

Notes

Acknowledgements

This work was supported by a grant of the Romanian National Authority for Scientific Research and Innovation, CNCS/CCCDI-UEFISCDI, project number PN-III-P2-2.1-BG-2016-0013, within PNCDI III.

References

  1. 1.
    Almalawi A, Fahad A, Tari Z, Alamri A, AlGhamdi R, Zomaya AY (2016) An efficient data-driven clustering technique to detect attacks in scada systems. IEEE Trans Inf Forensics Secur 11(5):893–906.  https://doi.org/10.1109/TIFS.2015.2512522 CrossRefGoogle Scholar
  2. 2.
    Bini E, Nguyen THC, Richard P, Baruah SK (2009) A response-time bound in fixed-priority scheduling with arbitrary deadlines. IEEE Trans Comput 58(2):279–286MathSciNetCrossRefGoogle Scholar
  3. 3.
    Carcano A, Coletta A, Guglielmi M, Masera M, Fovino IN, Trombetta A (2011) A multidimensional critical state analysis for detecting intrusions in SCADA systems. IEEE Trans Ind Inf 7(2):179–186.  https://doi.org/10.1109/TII.2010.2099234 CrossRefGoogle Scholar
  4. 4.
    Cárdenas AA, Amin S, Lin ZS, Huang YL, Huang CY, Sastry S (2011) Attacks against process control systems: risk assessment, detection, and response. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS’11. ACM, New York, pp 355–366. https://doi.org/10.1145/1966913.1966959 Google Scholar
  5. 5.
    Chen B, Ho DWC, Zhang WA, Yu L (2017) Distributed dimensionality reduction fusion estimation for cyber-physical systems under dos attacks. IEEE Trans Syst Man Cybern Syst PP(99):1–14.  https://doi.org/10.1109/TSMC.2017.2697450
  6. 6.
    Di Pietro A, Panzieri S, Gasparri A (2015) Situational awareness using distributed data fusion with evidence discounting. In: Rice M, Shenoi S (eds) Critical infrastructure protection IX. Springer, Cham, pp 281–296CrossRefGoogle Scholar
  7. 7.
    Filippini R, Silva A (2014) A modeling framework for the resilience analysis of networked systems-of-systems based on functional dependencies. Reliab Eng Syst Saf 125:82–91. https://doi.org/10.1016/j.ress.2013.09.010, http://www.sciencedirect.com/science/article/pii/S0951832013002676 CrossRefGoogle Scholar
  8. 8.
    Fovino IN, Coletta A, Carcano A, Masera M (2012) Critical state-based filtering system for securing SCADA network protocols. IEEE Trans Ind Electron 59(10):3943–3950.  https://doi.org/10.1109/TIE.2011.2181132 CrossRefGoogle Scholar
  9. 9.
    Genge B, Rusu DA, Haller P (2014) A connection pattern-based approach to detect network traffic anomalies in critical infrastructures. In: Proceedings of the Seventh European Workshop on System Security, EuroSec’14. ACM, New York, pp 1:1–1:6. https://doi.org/10.1145/2592791.2592792
  10. 10.
    Genge B, Siaterlis C, Karopoulos G (2013) Data fusion-base anomay detection in networked critical infrastructures. In: 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W), pp 1–8.  https://doi.org/10.1109/DSNW.2013.6615505
  11. 11.
    Giani A, Bent R, Pan F (2014) Phasor measurement unit selection for unobservable electric power data integrity attack detection. Int J Crit Infrastruct Prot 7(3):155–164. https://doi.org/10.1016/j.ijcip.2014.06.001, http://www.sciencedirect.com/science/article/pii/S1874548214000407 CrossRefGoogle Scholar
  12. 12.
    Giraldo J, Cardenas A, Quijano N (2017) Integrity attacks on real-time pricing in smart grids: impact and countermeasures. IEEE Trans Smart Grid 8(5):2249–2257.  https://doi.org/10.1109/TSG.2016.2521339 CrossRefGoogle Scholar
  13. 13.
    Ha D, Ahmed U, Pyun H, Lee CJ, Baek KH, Han C (2017) Multi-mode operation of principal component analysis with k-nearest neighbor algorithm to monitor compressors for liquefied natural gas mixed refrigerant processes. Comput Chem Eng 106:96–105. https://doi.org/10.1016/j.compchemeng.2017.05.029, http://www.sciencedirect.com/science/article/pii/S0098135417302466. ESCAPE-26CrossRefGoogle Scholar
  14. 14.
    Hagerott M (2014) Stuxnet and the vital role of critical infrastructure operators and engineers. Int J Crit Infrastruct Prot 7(4):244–246CrossRefGoogle Scholar
  15. 15.
    Haller P, Genge B (2017) Using sensitivity analysis and cross-association for the design of intrusion detection systems in industrial cyber-physical systems. IEEE Access 5:9336–9347.  https://doi.org/10.1109/ACCESS.2017.2703906 CrossRefGoogle Scholar
  16. 16.
    Kiss I, Genge B, Haller P, Sebestyén G (2014) Data clustering-based anomaly detection in industrial control systems. In: 2014 IEEE 10th International Conference on Intelligent Computer Communication and Processing (ICCP), pp 275–281.  https://doi.org/10.1109/ICCP.2014.6937009
  17. 17.
    Montgomery DC (2013) Introduction to statistical quality control. Wiley, New YorkzbMATHGoogle Scholar
  18. 18.
    Page ES (1954) Continuous inspection schemes. Biometrika 41(1/2):100–115MathSciNetCrossRefGoogle Scholar
  19. 19.
    Phoenix Contact GmbH Co. K (2010) PC WORX 6 IEC 61131-ProgrammingGoogle Scholar
  20. 20.
    Portnoy I, Melendez K, Pinzon H, Sanjuan M (2016) An improved weighted recursive PCA algorithm for adaptive fault detection. Control Eng Pract 50:69–83. https://doi.org/10.1016/j.conengprac.2016.02.010, http://www.sciencedirect.com/science/article/pii/S0967066116300326 CrossRefGoogle Scholar
  21. 21.
    Rubio JE, Alcaraz C, Roman R, Lopez J (2017) Analysis of intrusion detection systems in industrial ecosystems. In: Proceedings of the 14th International Joint Conference on E-Business and Telecommunications (ICETE 2017) – vol 4: SECRYPT, Madrid, 24–26 July 2017, pp 116–128. https://doi.org/10.5220/0006426301160128
  22. 22.
    Shitharth S, Prince Winston D (2017) An enhanced optimization based algorithm for intrusion detection in SCADA network. Comput Secur 70(Supplement C):16–26. https://doi.org/10.1016/j.cose.2017.04.012, http://www.sciencedirect.com/science/article/pii/S0167404817300901 CrossRefGoogle Scholar
  23. 23.
    Stone S, Temple M (2012) Radio-frequency-based anomaly detection for programmable logic controllers in the critical infrastructure. Int J Crit Infrastruct Prot 5(2):66–73. https://doi.org/10.1016/j.ijcip.2012.05.001, http://www.sciencedirect.com/science/article/pii/S1874548212000200 CrossRefGoogle Scholar
  24. 24.
    Symantec (2014) Dragonfly: cyberespionage attacks against energy suppliers. Symantec Security ResponseGoogle Scholar
  25. 25.
    Wan M, Shang W, Zeng P (2017) Double behavior characteristics for one-class classification anomaly detection in networked control systems. IEEE Trans Inf Forensics Secur 12(12):3011–3023.  https://doi.org/10.1109/TIFS.2017.2730581 CrossRefGoogle Scholar
  26. 26.
    Wang B, Mao Z (2018) One-class classifiers ensemble based anomaly detection scheme for process control systems. Trans Inst Meas Control 40(12):3466–3476CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Piroska Haller
    • 1
  • Béla Genge
    • 1
  • Adrian-Vasile Duka
    • 1
  1. 1.Petru Maior University of Tîrgu MureşTîrgu MureşRomania

Personalised recommendations