Grounds for Suspicion: Physics-based Early Warnings for Stealthy Attacks on Industrial Control Systems

06/15/2021
by Mazen Azzam, et al.

Stealthy attacks on Industrial Control Systems can cause significant damage while evading detection. In this paper, instead of focusing on the detection of stealthy attacks, we aim to provide early warnings to operators, in order to avoid physical damage and to preserve, in advance, data that may serve as evidence during an investigation. We propose a framework to provide grounds for suspicion, i.e. preliminary indicators reflecting the likelihood of success of a stealthy attack. We propose two grounds for suspicion based on the behaviour of the physical process: (i) feasibility of a stealthy attack, and (ii) proximity to unsafe operating regions. We propose a metric to measure grounds for suspicion in real time and provide soundness principles to ensure that such a metric is consistent with the grounds for suspicion. We apply our framework to Linear Time-Invariant (LTI) systems and formulate the suspicion metric computation as a real-time reachability problem. We validate our framework on a case study involving the benchmark Tennessee-Eastman process. We show through numerical simulation that we can provide early warnings well before a potential stealthy attack can cause damage, while incurring minimal load on the network. Finally, we apply our framework to a use case to illustrate its usefulness in supporting early evidence collection.
