1. Physics Reasoning for Intrusion Detection in Industrial Networks
- Authors: Ho Ming Tay, Julian L. Rrushi, Bing Liu, Nasir Sharaf, Kai Xu, and Mohammad Yahya
- Subjects: Exploit, Network packet, Semantics (computer science), Distributed computing, Leverage (statistics), Malware, Intrusion detection system, Industrial control system, Ontology (information science)
- Abstract
Industrial control systems (ICS) exchange network traffic carrying payloads that are closely related to the physics of industrial equipment and processes. We leverage this factor to develop a machine reasoning approach that inspects network packet payloads in terms of their relationship to physics. We found that exploits and malware are unambiguously detected, since they inject machine instructions, addresses, and other data that clearly depart from physics. We developed an ontology integrated with the knowledge of physics, which we tested against exploits of a large number of public vulnerabilities that affect industrial control systems. We also ran our approach in several case studies that involved ICS control of an electrical motor, which we describe in the paper.
- Published: 2020