Visible to the public Biblio

Filters: Keyword is industrial control system  [Clear All Filters]
2019-05-09
Ivanov, A. V., Sklyarov, V. A..  2018.  The Urgency of the Threats of Attacks on Interfaces and Field-Layer Protocols in Industrial Control Systems. 2018 XIV International Scientific-Technical Conference on Actual Problems of Electronics Instrument Engineering (APEIE). :162-165.
The paper is devoted to analysis of condition of executing devices and sensors of Industrial Control Systems information security. The work contains structures of industrial control systems divided into groups depending on system's layer. The article contains the analysis of analog interfaces work and work features of data transmission protocols in industrial control system field layer. Questions about relevance of industrial control systems information security, both from the point of view of the information security occurring incidents, and from the point of view of regulators' reaction in the form of normative legal acts, are described. During the analysis of the information security systems of industrial control systems a possibility of leakage through technical channels of information leakage at the field layer was found. Potential vectors of the attacks on devices of field layer and data transmission network of an industrial control system are outlined in the article. The relevance analysis of the threats connected with the attacks at the field layer of an industrial control system is carried out, feature of this layer and attractiveness of this kind of attacks is observed.
Li, Y., Liu, X., Tian, H., Luo, C..  2018.  Research of Industrial Control System Device Firmware Vulnerability Mining Technology Based on Taint Analysis. 2018 IEEE 9th International Conference on Software Engineering and Service Science (ICSESS). :607-610.
Aiming at the problem that there is little research on firmware vulnerability mining and the traditional method of vulnerability mining based on fuzzing test is inefficient, this paper proposed a new method of mining vulnerabilities in industrial control system firmware. Based on taint analysis technology, this method can construct test cases specifically for the variables that may trigger vulnerabilities, thus reducing the number of invalid test cases and improving the test efficiency. Experiment result shows that this method can reduce about 23 % of test cases and can effectively improve test efficiency.
Nguyen, Thuy D., Irvine, Cynthia E..  2018.  Development of Industrial Network Forensics Lessons. Proceedings of the Fifth Cybersecurity Symposium. :7:1-7:5.
Most forensic investigators are trained to recognize abusive network behavior in conventional information systems, but they may not know how to detect anomalous traffic patterns in industrial control systems (ICS) that manage critical infrastructure services. We have developed and laboratory-tested hands-on teaching material to introduce students to forensics investigation of intrusions on an industrial network. Rather than using prototypes of ICS components, our approach utilizes commercial industrial products to provide students a more realistic simulation of an ICS network. The lessons cover four different types of attacks and the corresponding post-incident network data analysis.
Lu, G., Feng, D..  2018.  Network Security Situation Awareness for Industrial Control System Under Integrity Attacks. 2018 21st International Conference on Information Fusion (FUSION). :1808-1815.
Due to the wide implementation of communication networks, industrial control systems are vulnerable to malicious attacks, which could cause potentially devastating results. Adversaries launch integrity attacks by injecting false data into systems to create fake events or cover up the plan of damaging the systems. In addition, the complexity and nonlinearity of control systems make it more difficult to detect attacks and defense it. Therefore, a novel security situation awareness framework based on particle filtering, which has good ability in estimating state for nonlinear systems, is proposed to provide an accuracy understanding of system situation. First, a system state estimation based on particle filtering is presented to estimate nodes state. Then, a voting scheme is introduced into hazard situation detection to identify the malicious nodes and a local estimator is constructed to estimate the actual system state by removing the identified malicious nodes. Finally, based on the estimated actual state, the actual measurements of the compromised nodes are predicted by using the situation prediction algorithm. At the end of this paper, a simulation of a continuous stirred tank is conducted to verify the efficiency of the proposed framework and algorithms.
2018-07-18
Vávra, J., Hromada, M..  2017.  Anomaly Detection System Based on Classifier Fusion in ICS Environment. 2017 International Conference on Soft Computing, Intelligent System and Information Technology (ICSIIT). :32–38.

The detection of cyber-attacks has become a crucial task for highly sophisticated systems like industrial control systems (ICS). These systems are an essential part of critical information infrastructure. Therefore, we can highlight their vital role in contemporary society. The effective and reliable ICS cyber defense is a significant challenge for the cyber security community. Thus, intrusion detection is one of the demanding tasks for the cyber security researchers. In this article, we examine classification problem. The proposed detection system is based on supervised anomaly detection techniques. Moreover, we utilized classifiers algorithms in order to increase intrusion detection capabilities. The fusion of the classifiers is the way how to achieve the predefined goal.

Yusheng, W., Kefeng, F., Yingxu, L., Zenghui, L., Ruikang, Z., Xiangzhen, Y., Lin, L..  2017.  Intrusion Detection of Industrial Control System Based on Modbus TCP Protocol. 2017 IEEE 13th International Symposium on Autonomous Decentralized System (ISADS). :156–162.

Modbus over TCP/IP is one of the most popular industrial network protocol that are widely used in critical infrastructures. However, vulnerability of Modbus TCP protocol has attracted widely concern in the public. The traditional intrusion detection methods can identify some intrusion behaviors, but there are still some problems. In this paper, we present an innovative approach, SD-IDS (Stereo Depth IDS), which is designed for perform real-time deep inspection for Modbus TCP traffic. SD-IDS algorithm is composed of two parts: rule extraction and deep inspection. The rule extraction module not only analyzes the characteristics of industrial traffic, but also explores the semantic relationship among the key field in the Modbus TCP protocol. The deep inspection module is based on rule-based anomaly intrusion detection. Furthermore, we use the online test to evaluate the performance of our SD-IDS system. Our approach get a low rate of false positive and false negative.

2018-06-11
Tacliad, Francisco, Nguyen, Thuy D., Gondree, Mark.  2017.  DoS Exploitation of Allen-Bradley's Legacy Protocol Through Fuzz Testing. Proceedings of the 3rd Annual Industrial Control System Security Workshop. :24–31.
EtherNet/IP is a TCP/IP-based industrial protocol commonly used in industrial control systems (ICS). TCP/IP connectivity to the outside world has enabled ICS operators to implement more agile practices, but it also has exposed these cyber-physical systems to cyber attacks. Using a custom Scapy-based fuzzer to test for implementation flaws in the EtherNet/IP software of commercial programmable logic controllers (PLC), we uncover a previously unreported denial-of-service (DoS) vulnerability in the Ethernet/IP implementation of the Rockwell Automation/Allen-Bradley MicroLogix 1100 PLC that, if exploited, can cause the PLC to fault. ICS-CERT recently announces this vulnerability in the security advisory ICSA-17-138-03. This paper describes this vulnerability, the development of an EtherNet/IP fuzzer, and an approach to remotely monitor for faults generated when fuzzing.
2018-04-04
Ullah, I., Mahmoud, Q. H..  2017.  A hybrid model for anomaly-based intrusion detection in SCADA networks. 2017 IEEE International Conference on Big Data (Big Data). :2160–2167.

Supervisory Control and Data Acquisition (SCADA) systems complexity and interconnectivity increase in recent years have exposed the SCADA networks to numerous potential vulnerabilities. Several studies have shown that anomaly-based Intrusion Detection Systems (IDS) achieves improved performance to identify unknown or zero-day attacks. In this paper, we propose a hybrid model for anomaly-based intrusion detection in SCADA networks using machine learning approach. In the first part, we present a robust hybrid model for anomaly-based intrusion detection in SCADA networks. Finally, we present a feature selection model for anomaly-based intrusion detection in SCADA networks by removing redundant and irrelevant features. Irrelevant features in the dataset can affect modeling power and reduce predictive accuracy. These models were evaluated using an industrial control system dataset developed at the Distributed Analytics and Security Institute Mississippi State University Starkville, MS, USA. The experimental results show that our proposed model has a key effect in reducing the time and computational complexity and achieved improved accuracy and detection rate. The accuracy of our proposed model was measured as 99.5 % for specific-attack-labeled.

2017-12-20
Iber, J., Rauter, T., Krisper, M., Kreiner, C..  2017.  An Integrated Approach for Resilience in Industrial Control Systems. 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). :67–74.
New generations of industrial control systems offer higher performance, they are distributed, and it is very likely that they are internet connected in one way or another. These trends raise new challenges in the contexts of reliability and security. We propose a novel approach that tackles the complexity of industrial control systems at design time and run time. At design time our target is to ease the configuration and verification of controller configurations through model-driven engineering techniques together with the contract-based design paradigm. At run time the information from design time is reused in order to support a modular and distributed self-adaptive software system that aims to increase reliability and security. The industrial setting of the presented approach are control devices for hydropower plant units.
2017-05-30
Vaughn, Jr., Rayford B., Morris, Tommy.  2016.  Addressing Critical Industrial Control System Cyber Security Concerns via High Fidelity Simulation. Proceedings of the 11th Annual Cyber and Information Security Research Conference. :12:1–12:4.

This paper outlines a set of 10 cyber security concerns associated with Industrial Control Systems (ICS). The concerns address software and hardware development, implementation, and maintenance practices, supply chain assurance, the need for cyber forensics in ICS, a lack of awareness and training, and finally, a need for test beds which can be used to address the first 9 cited concerns. The concerns documented in this paper were developed based on the authors' combined experience conducting research in this field for the US Department of Homeland Security, the National Science Foundation, and the Department of Defense. The second half of this paper documents a virtual test bed platform which is offered as a tool to address the concerns listed in the first half of the paper. The paper discusses various types of test beds proposed in literature for ICS research, provides an overview of the virtual test bed platform developed by the authors, and lists future works required to extend the existing test beds to serve as a development platform.

2017-04-20
Wakchaure, M., Sarwade, S., Siddavatam, I..  2016.  Reconnaissance of Industrial Control System by deep packet inspection. 2016 IEEE International Conference on Engineering and Technology (ICETECH). :1093–1096.

Industrial Control System (ICS) consists of large number of electronic devices connected to field devices to execute the physical processes. Communication network of ICS supports wide range of packet based applications. A growing issue with network security and its impact on ICS have highlighted some fundamental risks to critical infrastructure. To address network security issues for ICS a clear understanding of security specific defensive countermeasures is required. Reconnaissance of ICS network by deep packet inspection (DPI) consists analysis of the contents of the captured packets in order to get accurate measures of process that uses specific countermeasure to create an aggregated posture. In this paper we focus on novel approach by presenting a technique with captured network traffic. This technique is capable to identify the protocols and extract different features for classification of traffic based on network protocol, header information and payload to understand the whole architecture of complex system. Here we have segregated possible types of attacks on ICS.

2017-02-27
Zheng, Y., Zheng, S..  2015.  Cyber Security Risk Assessment for Industrial Automation Platform. 2015 International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP). :341–344.

Due to the fact that the cyber security risks exist in industrial control system, risk assessment on Industrial Automation Platform (IAP) is discussed in this paper. The cyber security assessment model for IAP is built based on relevant standards at abroad. Fuzzy analytic hierarchy process and fuzzy comprehensive evaluation method based on entropy theory are utilized to evaluate the communication links' risk of IAP software. As a result, the risk weight of communication links which have impacts on platform and the risk level of this platform are given for further study on protective strategy. The assessment result shows that the methods used can evaluate this platform efficiently and practically.

2017-02-14
M. Bere, H. Muyingi.  2015.  "Initial investigation of Industrial Control System (ICS) security using Artificial Immune System (AIS)". 2015 International Conference on Emerging Trends in Networks and Computer Communications (ETNCC). :79-84.

Industrial Control Systems (ICS) which among others are comprised of Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS) are used to control industrial processes. ICS have now been connected to other Information Technology (IT) systems and have as a result become vulnerable to Advanced Persistent Threats (APT). APTs are targeted attacks that use zero-day attacks to attack systems. Current ICS security mechanisms fail to deter APTs from infiltrating ICS. An analysis of possible solutions to deter APTs was done. This paper proposes the use of Artificial Immune Systems to secure ICS from APTs.