CISPA
File(s) not publicly available

Hide and Seek: An Architecture for Improving Attack-Visibility in Industrial Control Systems

conference contribution
posted on 2023-11-29, 18:12 authored by Jairo Giraldo, David Urbina, Alvaro A. Cárdenas, Nils Ole Tippenhauer
In the past years we have seen an emerging field of research focusing on using the “physics” of a Cyber-Physical System to detect attacks. In its basic form, a security monitor is deployed somewhere in the industrial control network, observes a time-series of the operation of the system, and identifies anomalies in those measurements in order to detect potentially manipulated control commands or manipulated sensor readings. While there is a growing literature on detection mechanisms in that research direction, the problem of where to monitor the physical behavior of the system has received less attention. In this paper, we analyze the problem of where we should monitor these systems, and what attacks can and cannot be detected depending on the location of this network monitor. The location of the monitor is particularly important, because an attacker can bypass attack-detection by lying in some network interfaces while reporting that everything is normal in the others. Our paper is the first detailed study of what can and cannot be detected based on the devices an attacker has compromised and where we monitor our network. We show that there are locations that maximize our visibility against such attacks. Based on our analysis, we design a low-level security monitor that is able to directly observe the field communication between sensors, actuators, and Programmable Logic Controllers (PLCs). We implement that security monitor in a realistic testbed, and demonstrate that it can detect attacks that would otherwise be undetected at the supervisory network.

Preferred Citation

Jairo Giraldo, David Urbina, Alvaro Cárdenas and Nils Tippenhauer. Hide and Seek: An Architecture for Improving Attack-Visibility in Industrial Control Systems. In: International Conference on Applied Cryptography and Network Security (ACNS). 2019.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

International Conference on Applied Cryptography and Network Security (ACNS)

Legacy Posted Date

2020-06-18

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3110,
  title = "Hide and Seek: An Architecture for Improving Attack-Visibility in Industrial Control Systems",
  author = "Giraldo, Jairo and Urbina, David and Cárdenas, Alvaro A. and Tippenhauer, Nils Ole",
  booktitle = "{International Conference on Applied Cryptography and Network Security (ACNS)}",
  year = "2019",
}
