Mobile Networks and Applications

, Volume 23, Issue 4, pp 809–816 | Cite as

Smart Behavioural Filter for Industrial Internet of Things

A Security Extension for PLC
  • Giovanni CorbòEmail author
  • Chiara Foglietta
  • Cosimo Palazzo
  • Stefano Panzieri


We are currently experiencing the fourth industrial revolution. This is what the German government initiative, first, has identified with ‘Industry 4.0’. The manufacturing future will be marked and will go through the new automation technologies that are being introduced with Industrial Internet of Things (I2oT). Industrial Control Systems (ICSs) are exploiting I2oT for reducing costs and improving efficiency. However, ICSs are already jeopardized by an increasingly large set of threat vectors. Those threats are used by malicious actors to misuse physical Critical Infrastructures that usually are vital services for well-being. I2oT implementation increases the threat surface, generating new possible vulnerabilities. Information Technology (IT) classical approaches to cyber attacks cannot be applied to ICS due to their extreme differences from main priorities to resource constrains. Therefore, innovative approaches and equipment must be developed to suit with ICS world. In this paper, a Smart Behavioural Filter (SBF) for the PLCs (Programmable Logic Controllers) is proposed aiming to secure the PLC itself against logic attacks, that are stealth for other more classical security approaches. An example of the considered logic attacks is many open and close commands towards a valve in a short time. Those logic attacks are usually a sequence of well-formed packets in which the content represents an anomalous and unpredicted behaviour. This smart field equipment can react in short time to cyber attacks isolating the PLC, communicate with other equipment like itself and increasing in general the resilience of the physical system. It can also generate alarms for the local Intrusion Detection System (IDS). The proposed equipment has been developed and validated in a real test-bed within the FP7 CockpitCI project and H2020 ATENA project.


Industrial control system Security Logical filtering Industrial internet of things (I2oTs) Industry 4.0 



The research paper is partially supported by the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 700581 (ATENA - Advanced Tools to Assess and Mitigate the Criticality of ICT Components and Their Dependencies over Critical Infrastructures)


  1. 1.
  2. 2.
    The Bro Network Security Monitor.
  3. 3.
    Abdul Aziz MZ, Ibrahim MY, Omar AM, Ab Rahman R, Md Zan MM, Yusof MI (2012) Performance analysis of application layer firewall. In: 2012 IEEE Symposium on wireless technology and applications (ISWTA). IEEE, pp 182–186. doi: 10.1109/ISWTA.2012.6373838.
  4. 4.
    Di Pietro A, Foglietta C, Palmieri S, Panzieri S (2013) Assessing the impact of Cyber attacks on interdependent physical systems. Springer, Berlin Heidelberg, pp 215–227. doi: 10.1007/978-3-642-45330-4_15. Google Scholar
  5. 5.
    Feng Y, Foglietta C, Baiocco A, Panzieri S, Wolthusen SD (2013) Malicious false data injection in hierarchical electric power grid state estimation systems. In: Proceedings of the the fourth international conference on Future energy systems - e-Energy ’13. ACM Press, New York, p 183. doi: 10.1145/2487166.2487187. Google Scholar
  6. 6.
    Fung CJ, McCormick B (2015) VGuard: a distributed denial of service attack mitigation method using network function virtualization. In: 2015 11th International conference on network and service management (CNSM). IEEE, pp 64–70. doi: 10.1109/CNSM.2015.7367340.
  7. 7.
    Huitsing P, Chandia R, Papa M, Shenoi S (2008) Attack taxonomies for the Modbus protocols. Int J Crit Infrast Protect 1:37–44. doi: 10.1016/j.ijcip.2008.08.003 CrossRefGoogle Scholar
  8. 8.
    Kang DH, Kim BK, Na JC (2014) Cyber threats and defence approaches in SCADA systems. In: International conference on advanced communication technology, ICACT. Global IT Research Institute (GIRI), pp 324–327. doi: 10.1109/ICACT.2014.6778974.
  9. 9.
    Kushner D (2013) The real story of stuxnet. IEEE Spect 50(3):48–53. doi: 10.1109/MSPEC.2013.6471059. CrossRefGoogle Scholar
  10. 10.
    Li W, Xie L, Deng Z, Wang Z (2016) False sequential logic attack on SCADA system and its physical impact analysis. Comput Secur 58:149–159. doi: 10.1016/j.cose.2016.01.001 CrossRefGoogle Scholar
  11. 11.
    Li W, Xie L, Liu D, Wang Z (2014) False logic attacks on SCADA control system. In: 2014 Asia-Pacific services computing conference. IEEE, pp 136–140. doi: 10.1109/APSCC.2014.27.
  12. 12.
    Nivethan J, Papa M (2016) On the use of open-source firewalls in ICS/SCADA systems. Inf Secur J Glob Perspect 25(1–3):83–93. doi: 10.1080/19393555.2016.1172283. CrossRefGoogle Scholar
  13. 13.
    Piggin R. (2013) Development of industrial cyber security standards: IEC 62443 for scada and industrial control system security. In: IET Conference on control and automation 2013: uniting problems and solutions. Institution of Engineering and Technology, pp 11–11. doi: 10.1049/cp.2013.0001.
  14. 14.
    Sheth C, Thakker R (2011) Performance evaluation and comparative analysis of network firewalls. In: 2011 International conference on devices and communications (ICDeCom). IEEE, pp 1–5. doi: 10.1109/ICDECOM.2011.5738566.

Copyright information

© Springer Science+Business Media New York 2017

Authors and Affiliations

  1. 1.University “Roma TRE”RomeItaly

Personalised recommendations