Truth Will Out: Departure-Based Process-Level Detection of Stealthy Attacks on Control Systems
Paper in proceedings, 2018

Recent incidents have shown that Industrial Control Systems (ICS) are becoming increasingly susceptible to sophisticated and targeted attacks initiated by adversaries with high motivation, domain knowledge, and resources. Although traditional security mechanisms can be implemented at the IT-infrastructure level of such cyber-physical systems, the community has acknowledged that it is imperative to also monitor the process-level activity, as attacks on ICS may very well influence the physical process. In this paper, we present PASAD, a novel stealthy-attack detection mechanism that monitors time series of sensor measurements in real time for structural changes in the process behavior. We demonstrate the effectiveness of our approach through simulations and experiments on data from real systems. Experimental results show that PASAD is capable of detecting not only significant deviations in the process behavior, but also subtle attack-indicating changes, significantly raising the bar for strategic adversaries who may attempt to maintain their malicious manipulation within the noise level.

Intrusion Detection

Industrial Control Systems

Isometry Trick

Stealthy Attacks

Partial Isometry

Cyber-Physical Systems

Singular Spectrum Analysis

Departure Detection

Author

Wissam Aoudi

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Mikel Iturbe

Mondragon Unibertsitatea

Magnus Almgren

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Proceedings of the ACM Conference on Computer and Communications Security

15437221 (ISSN)

817-831

25th ACM SIGSAC Conference on Computer and Communications Security
Toronto, Canada,

Resilient Information and Control Systems (RICS)

Swedish Civil Contingencies Agency, 2015-09-01 -- 2020-08-31.

Areas of Advance

Information and Communication Technology

Subject Categories

Computer Science

DOI

10.1145/3243734.3243781

More information

Latest update

1/22/2019