Machine learning-based defense against process-Aware attacks on Industrial Control Systems

Anastasis Keliris, Hossein Salehghaffari, Brian Cairl, Prashanth Krishnamurthy, Mihalis Maniatakos, Farshad Khorrami

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The modernization of Industrial Control Systems (ICS), primarily targeting increased efficiency and controllability through integration of Information Technologies (IT), introduced the unwanted side effect of extending the ICS cyber-security threat landscape. ICS are facing new security challenges and are exposed to the same vulnerabilities that plague IT, as demonstrated by the increasing number of incidents targeting ICS. Due to the criticality and unique nature of these systems, it is important to devise novel defense mechanisms that incorporate knowledge of the underlying physical model, and can detect attacks in early phases. To this end, we study a benchmark chemical process, and enumerate the various categories of attack vectors and their practical applicability on hardware controllers in a Hardware-In-The-Loop testbed. Leveraging the observed implications of the categorized attacks on the process, as well as the profile of typical disturbances, we follow a data-driven approach to detect anomalies that are early indicators of malicious activity.

Original languageEnglish (US)
Title of host publicationProceedings - 2016 IEEE International Test Conference, ITC 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781467387736
DOIs
StatePublished - Jan 4 2017
Event47th IEEE International Test Conference, ITC 2016 - Fort Worth, United States
Duration: Nov 15 2016Nov 17 2016

Other

Other47th IEEE International Test Conference, ITC 2016
CountryUnited States
CityFort Worth
Period11/15/1611/17/16

Fingerprint

Learning systems
Machine Learning
Control System
Attack
Control systems
Information Technology
Computer hardware
Information technology
Hardware-in-the-loop
Chemical Processes
Modernization
Criticality
Testbeds
Physical Model
Controllability
Vulnerability
Data-driven
Testbed
Anomaly
Disturbance

ASJC Scopus subject areas

  • Applied Mathematics
  • Electrical and Electronic Engineering

Cite this

Keliris, A., Salehghaffari, H., Cairl, B., Krishnamurthy, P., Maniatakos, M., & Khorrami, F. (2017). Machine learning-based defense against process-Aware attacks on Industrial Control Systems. In Proceedings - 2016 IEEE International Test Conference, ITC 2016 [7805855] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/TEST.2016.7805855

Machine learning-based defense against process-Aware attacks on Industrial Control Systems. / Keliris, Anastasis; Salehghaffari, Hossein; Cairl, Brian; Krishnamurthy, Prashanth; Maniatakos, Mihalis; Khorrami, Farshad.

Proceedings - 2016 IEEE International Test Conference, ITC 2016. Institute of Electrical and Electronics Engineers Inc., 2017. 7805855.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Keliris, A, Salehghaffari, H, Cairl, B, Krishnamurthy, P, Maniatakos, M & Khorrami, F 2017, Machine learning-based defense against process-Aware attacks on Industrial Control Systems. in Proceedings - 2016 IEEE International Test Conference, ITC 2016., 7805855, Institute of Electrical and Electronics Engineers Inc., 47th IEEE International Test Conference, ITC 2016, Fort Worth, United States, 11/15/16. https://doi.org/10.1109/TEST.2016.7805855
Keliris A, Salehghaffari H, Cairl B, Krishnamurthy P, Maniatakos M, Khorrami F. Machine learning-based defense against process-Aware attacks on Industrial Control Systems. In Proceedings - 2016 IEEE International Test Conference, ITC 2016. Institute of Electrical and Electronics Engineers Inc. 2017. 7805855 https://doi.org/10.1109/TEST.2016.7805855
Keliris, Anastasis ; Salehghaffari, Hossein ; Cairl, Brian ; Krishnamurthy, Prashanth ; Maniatakos, Mihalis ; Khorrami, Farshad. / Machine learning-based defense against process-Aware attacks on Industrial Control Systems. Proceedings - 2016 IEEE International Test Conference, ITC 2016. Institute of Electrical and Electronics Engineers Inc., 2017.
@inproceedings{8c4324dcfbd44090a04977b1e0be2ef8,
title = "Machine learning-based defense against process-Aware attacks on Industrial Control Systems",
abstract = "The modernization of Industrial Control Systems (ICS), primarily targeting increased efficiency and controllability through integration of Information Technologies (IT), introduced the unwanted side effect of extending the ICS cyber-security threat landscape. ICS are facing new security challenges and are exposed to the same vulnerabilities that plague IT, as demonstrated by the increasing number of incidents targeting ICS. Due to the criticality and unique nature of these systems, it is important to devise novel defense mechanisms that incorporate knowledge of the underlying physical model, and can detect attacks in early phases. To this end, we study a benchmark chemical process, and enumerate the various categories of attack vectors and their practical applicability on hardware controllers in a Hardware-In-The-Loop testbed. Leveraging the observed implications of the categorized attacks on the process, as well as the profile of typical disturbances, we follow a data-driven approach to detect anomalies that are early indicators of malicious activity.",
author = "Anastasis Keliris and Hossein Salehghaffari and Brian Cairl and Prashanth Krishnamurthy and Mihalis Maniatakos and Farshad Khorrami",
year = "2017",
month = "1",
day = "4",
doi = "10.1109/TEST.2016.7805855",
language = "English (US)",
booktitle = "Proceedings - 2016 IEEE International Test Conference, ITC 2016",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
address = "United States",

}

TY - GEN

T1 - Machine learning-based defense against process-Aware attacks on Industrial Control Systems

AU - Keliris, Anastasis

AU - Salehghaffari, Hossein

AU - Cairl, Brian

AU - Krishnamurthy, Prashanth

AU - Maniatakos, Mihalis

AU - Khorrami, Farshad

PY - 2017/1/4

Y1 - 2017/1/4

N2 - The modernization of Industrial Control Systems (ICS), primarily targeting increased efficiency and controllability through integration of Information Technologies (IT), introduced the unwanted side effect of extending the ICS cyber-security threat landscape. ICS are facing new security challenges and are exposed to the same vulnerabilities that plague IT, as demonstrated by the increasing number of incidents targeting ICS. Due to the criticality and unique nature of these systems, it is important to devise novel defense mechanisms that incorporate knowledge of the underlying physical model, and can detect attacks in early phases. To this end, we study a benchmark chemical process, and enumerate the various categories of attack vectors and their practical applicability on hardware controllers in a Hardware-In-The-Loop testbed. Leveraging the observed implications of the categorized attacks on the process, as well as the profile of typical disturbances, we follow a data-driven approach to detect anomalies that are early indicators of malicious activity.

AB - The modernization of Industrial Control Systems (ICS), primarily targeting increased efficiency and controllability through integration of Information Technologies (IT), introduced the unwanted side effect of extending the ICS cyber-security threat landscape. ICS are facing new security challenges and are exposed to the same vulnerabilities that plague IT, as demonstrated by the increasing number of incidents targeting ICS. Due to the criticality and unique nature of these systems, it is important to devise novel defense mechanisms that incorporate knowledge of the underlying physical model, and can detect attacks in early phases. To this end, we study a benchmark chemical process, and enumerate the various categories of attack vectors and their practical applicability on hardware controllers in a Hardware-In-The-Loop testbed. Leveraging the observed implications of the categorized attacks on the process, as well as the profile of typical disturbances, we follow a data-driven approach to detect anomalies that are early indicators of malicious activity.

UR - http://www.scopus.com/inward/record.url?scp=85013932114&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85013932114&partnerID=8YFLogxK

U2 - 10.1109/TEST.2016.7805855

DO - 10.1109/TEST.2016.7805855

M3 - Conference contribution

BT - Proceedings - 2016 IEEE International Test Conference, ITC 2016

PB - Institute of Electrical and Electronics Engineers Inc.

ER -