research-article

A Probe into Process-Level Attack Detection in Industrial Environments from a Side-Channel Perspective

Authors:

Wissam Aoudi,

Albin Hellqvist,

Albert Overland,

Magnus AlmgrenAuthors Info & Claims

ICSS: Proceedings of the Fifth Annual Industrial Control System Security (ICSS) Workshop

Pages 1 - 10

https://doi.org/10.1145/3372318.3372320

Published: 10 December 2019 Publication History

Get Access

Abstract

Process-level detection of cyberattacks on industrial control systems pertain to observing the physical process to detect implausible behavior. State-of-the-art techniques identify a baseline of the normal process behavior from historical measurements and then monitor the system operation in real time to detect deviations from the baseline. Evidently, these techniques are intended to be connected to the control flow to be able to acquire and analyze the necessary measurement data, which makes them susceptible to compromise by the attacker. In this paper, we approach process-level attack detection from a side-channel perspective, where we investigate the feasibility and efficacy of monitoring industrial machines through external sensors. The sensors measure physical properties of the process that are bound to change during a cyberattack. We demonstrate the viability of our approach through simulations and experiments on real industrial machines.

References

[1]

Chuadhry Mujeeb Ahmed, Jianying Zhou, and Aditya P. Mathur. 2018. Noise Matters: Using Sensor and Process Noise Fingerprint to Detect Stealthy Cyber Attacks and Authenticate Sensors in CPS. In Proceedings of the 34th Annual Computer Security Applications Conference (ACSAC '18). ACM, New York, NY, USA, 566--581. https://doi.org/10.1145/3274694.3274748

Crossref

Google Scholar

[2]

Magnus Almgren, Wissam Aoudi, Robert Gustafsson, Robin Krahl, and Andreas Lindhé. 2018. The Nuts and Bolts of Deploying Process-Level IDS in Industrial Control Systems. In Proceedings of the 4th Annual Industrial Control System Security Workshop (ICSS '18). ACM, New York, NY, USA, 17--24. https://doi.org/10.1145/3295453.3295456

Digital Library

Google Scholar

[3]

Wissam Aoudi, Mikel Iturbe, and Magnus Almgren. 2018. Truth Will Out: Departure-Based Process-Level Detection of Stealthy Attacks on Control Systems. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS '18). ACM, New York, NY, USA, 817--831. https://doi.org/10.1145/3243734.3243781

Digital Library

Google Scholar

[4]

J. Goh, S. Adepu, M. Tan, and Z. S. Lee. 2017. Anomaly Detection in Cyber Physical Systems Using Recurrent Neural Networks. In 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE). 140--145. https://doi.org/10.1109/HASE.2017.36

Crossref

Google Scholar

[5]

Dina Hadžiosmanović, Robin Sommer, Emmanuele Zambon, and Pieter H. Hartel. 2014. Through the Eye of the PLC: Semantic Security Monitoring for Industrial Processes. In Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC '14). ACM, New York, NY, USA, 126--135. https://doi.org/10.1145/2664243.2664277

Crossref

Google Scholar

[6]

Karl Hoffmann. 2001. Applying the Wheatstone Bridge Circuit. HBM Publication. http://eln.teilam.gr/sites/default/files/Wheatstone%20bridge.pdf

Google Scholar

[7]

Marina Krotofil, Jason Larsen, and Dieter Gollmann. 2015. The Process Matters: Ensuring Data Veracity in Cyber-Physical Systems. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIA CCS '15). ACM, New York, NY, USA, 133--144. https://doi.org/10.1145/2714576.2714599

Digital Library

Google Scholar

[8]

Miro Oljaca, Peter Semig, and Collin Wells. 2015. Connecting PGA900 Instrumentation Amplifier to Resistive Bridge Sensor. Texas Instruments. http://www.ti.com/lit/an/slda032/slda032.pdf

Google Scholar

[9]

Dmitry Shalyga, Pavel Filonov, and Andrey Lavrentyev. 2018. Anomaly Detection for Water Treatment System based on Neural Network with Automatic Architecture Optimization. CoRR abs/1807.07282 (2018). arXiv:1807.07282

Google Scholar

[10]

David I. Urbina, Jairo A. Giraldo, Alvaro A. Cardenas, Nils Ole Tippenhauer, Junia Valente, Mustafa Faisal, Justin Ruths, Richard Candell, and Henrik Sandberg. 2016. Limiting the Impact of Stealthy Attacks on Industrial Control Systems. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). ACM, New York, NY, USA, 1092--1105.

Digital Library

Google Scholar

[11]

David I Urbina, David I Urbina, Jairo Giraldo, Alvaro A Cardenas, Junia Valente, Mustafa Faisal, Nils Ole Tippenhauer, Justin Ruths, Richard Candell, and Henrik Sandberg. 2016. Survey and new directions for physics-based attack detection in control systems. National Institute of Standards and Technology.

Google Scholar

[12]

Pol Van Aubel, Kostas Papagiannopoulos, Łukasz Chmielewski, and Christian Doerr. 2017. Side-channel based intrusion detection for industrial control systems. In International Conference on Critical Information Infrastructures Security. Springer, 207--224.

Google Scholar

Cited By

View all

Aoudi WAlmgren M(2021)A Framework for Determining Robust Context-Aware Attack-Detection Thresholds for Cyber-Physical SystemsProceedings of the 2021 Australasian Computer Science Week Multiconference10.1145/3437378.3437393(1-6)Online publication date: 1-Feb-2021
https://dl.acm.org/doi/10.1145/3437378.3437393
Aoudi WNowdehi NAlmgren MOlovsson THung CHong JBechini ASong E(2021)SpectraProceedings of the 36th Annual ACM Symposium on Applied Computing10.1145/3412841.3442032(1588-1597)Online publication date: 22-Mar-2021
https://dl.acm.org/doi/10.1145/3412841.3442032

A Probe into Process-Level Attack Detection in Industrial Environments from a Side-Channel Perspective
1. Computer systems organization

Recommendations

State-aware anomaly detection for industrial control systems
SAC '18: Proceedings of the 33rd Annual ACM Symposium on Applied Computing

Anomaly detection for industrial control systems (ICS) can leverage process data to detect malicious derivations from expected process behavior. We propose state-aware anomaly detection that uses state dependent detection thresholds, which provide ...
Blind Concealment from Reconstruction-based Attack Detectors for Industrial Control Systems via Backdoor Attacks
CPSS '23: Proceedings of the 9th ACM Cyber-Physical System Security Workshop

Industrial Control Systems (ICS) are responsible for the safety and operations of critical infrastructure such as power grids. Attacks on such systems threaten the well-being of societies, and the lives of human operators, and pose huge financial ...
Poisoning attacks on cyber attack detectors for industrial control systems
SAC '21: Proceedings of the 36th Annual ACM Symposium on Applied Computing

Recently, neural network (NN)-based methods, including autoencoders, have been proposed for the detection of cyber attacks targeting industrial control systems (ICSs). Such detectors are often retrained, using data collected during system operation, to ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ICSS: Proceedings of the Fifth Annual Industrial Control System Security (ICSS) Workshop

December 2019

72 pages

ISBN:9781450377195

DOI:10.1145/3372318

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 December 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ICSS

ICSS: Fifth Annual Industrial Control System Security Workshop

December 10, 2019

PR, San Juan, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
157
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)1

Reflects downloads up to 17 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Aoudi WAlmgren M(2021)A Framework for Determining Robust Context-Aware Attack-Detection Thresholds for Cyber-Physical SystemsProceedings of the 2021 Australasian Computer Science Week Multiconference10.1145/3437378.3437393(1-6)Online publication date: 1-Feb-2021
https://dl.acm.org/doi/10.1145/3437378.3437393
Aoudi WNowdehi NAlmgren MOlovsson THung CHong JBechini ASong E(2021)SpectraProceedings of the 36th Annual ACM Symposium on Applied Computing10.1145/3412841.3442032(1588-1597)Online publication date: 22-Mar-2021
https://dl.acm.org/doi/10.1145/3412841.3442032

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

State-aware anomaly detection for industrial control systems

Blind Concealment from Reconstruction-based Attack Detectors for Industrial Control Systems via Backdoor Attacks

Poisoning attacks on cyber attack detectors for industrial control systems