1. Detecting control system misbehavior by fingerprinting programmable logic controller functionality
- Author
-
Sean Peisert, Reinhard Gentz, Melissa Stockman, and Dipankar Dwivedi
- Subjects
Feature engineering ,Online and offline ,Information Systems and Management ,cybersecurity ,Computer science ,ComputerApplications_COMPUTERSINOTHERSYSTEMS ,computer.software_genre ,Stuxnet ,cyber-physical systems ,Convolutional neural network ,Civil Engineering ,Safety, Risk, Reliability and Quality ,programmable logic controller ,business.industry ,Programmable logic controller ,side channels ,Computation Theory and Mathematics ,Computer Science Applications ,Random forest ,machine learning ,Modeling and Simulation ,Control system ,Embedded system ,Malware ,business ,computer - Abstract
In recent years, attacks such as the Stuxnet malware have demonstrated that cyberattacks against control systems cause extensive damage. These attacks can result in physical damage to the networked systems under their control. In this paper, we discuss our approach for detecting such attacks by distinguishing between programs running on a programmable logic controller (PLC) without having to monitor communications. Using power signatures generated by an attached, high-frequency power measurement device, we can identify what a PLC is doing and when an attack may have altered what the PLC should be doing. To accomplish this, we generated labeled data for testing our methods and applied feature engineering techniques and machine learning models. The results demonstrate that Random Forests and Convolutional Neural Networks classify programs with up to 98% accuracy for major program differences and 84% accuracy for minor differences. Our results can be used for both online and offline applications.
- Published
- 2019