Truth Will Out: Departure-Based Process-Level Detection of Stealthy Attacks on Control Systems
Paper i proceeding, 2018
Recent incidents have shown that Industrial Control Systems (ICS) are becoming increasingly susceptible to sophisticated and targeted attacks initiated by adversaries with high motivation, domain knowledge, and resources. Although traditional security mechanisms can be implemented at the IT-infrastructure level of such cyber-physical systems, the community has acknowledged that it is imperative to also monitor the process-level activity, as attacks on ICS may very well influence the physical process. In this paper, we present PASAD, a novel stealthy-attack detection mechanism that monitors time series of sensor measurements in real time for structural changes in the process behavior. We demonstrate the effectiveness of our approach through simulations and experiments on data from real systems. Experimental results show that PASAD is capable of detecting not only significant deviations in the process behavior, but also subtle attack-indicating changes, significantly raising the bar for strategic adversaries who may attempt to maintain their malicious manipulation within the noise level.
Intrusion Detection
Industrial Control Systems
Isometry Trick
Stealthy Attacks
Partial Isometry
Cyber-Physical Systems
Singular Spectrum Analysis
Departure Detection
Författare
Wissam Aoudi
Chalmers, Data- och informationsteknik, Nätverk och system
Mikel Iturbe
Mondragon Unibertsitatea
Magnus Almgren
Chalmers, Data- och informationsteknik, Nätverk och system
Proceedings of the ACM Conference on Computer and Communications Security
15437221 (ISSN)
817-831
25th ACM SIGSAC Conference on Computer and Communications Security
Toronto, Canada,
Toronto, Canada,
Säkra IT-system för drift och övervakning av samhällskritisk infrastruktur
Myndigheten för samhällsskydd och beredskap, 2015-09-01 -- 2020-08-31.
Styrkeområden
Informations- och kommunikationsteknik
Ämneskategorier
Datavetenskap (datalogi)
DOI
10.1145/3243734.3243781