Visible to the public Destructive Attacks Detection and Response System for Physical Devices in Cyber-Physical Systems

TitleDestructive Attacks Detection and Response System for Physical Devices in Cyber-Physical Systems
Publication TypeConference Paper
Year of Publication2019
AuthorsKabiri, Peyman, Chavoshi, Mahdieh
Conference Name2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
Keywordsactuator, actuator security, actuators, composability, Computer worms, CPS, cyber-physical system security, Cyber-physical systems, destructive attacks detection, Hardware, Human Behavior, IoT security, malicious operation, Metrics, middleware, Monitoring, operating devices, physical damage, Physical damage control, Physical Threats in IoT, PLC, programmable controllers, programmable logic controller, pubcrawl, repetitive operational profile, Resiliency, response system, SCADA server, SCADA systems, security, security of data, system monitoring
AbstractNowadays, physical health of equipment controlled by Cyber-Physical Systems (CPS) is a significant concern. This paper reports a work, in which, a hardware is placed between Programmable Logic Controller (PLC) and the actuator as a solution. The proposed hardware operates in two conditions, i.e. passive and active. Operation of the proposed solution is based on the repetitive operational profile of the actuators. The normal operational profile of the actuator is fed to the protective hardware and is considered as the normal operating condition. In the normal operating condition, the middleware operates in its passive mode and simply monitors electronic signals passing between PLC and Actuator. In case of any malicious operation, the proposed hardware operates in its active mode and both slowly stops the actuator and sends an alert to SCADA server initiating execution of the actuator's emergency profile. Thus, the proposed hardware gains control over the actuator and prevents any physical damage on the operating devices. Two sample experiments are reported in which, results of implementing the proposed solution are reported and assessed. Results show that once the PLC sends incorrect data to actuator, the proposed hardware detects it as an anomaly. Therefore, it does not allow the PLC to send incorrect and unauthorized data pattern to its actuator. Significance of the paper is in introducing a solution to prevent destruction of physical devices apart from source or purpose of the encountered anomaly and apart from CPS functionality or PLC model and operation.
DOI10.1109/CyberSecPODS.2019.8884999
Citation Keykabiri_destructive_2019