Abstract
Industrial Controllers (e.g., Programmable Logical Controllers – PLCs, and Remote Terminal Units – RTUs) have been specialized to deliver robust control strategies. However, little has been done towards the integration of security strategies within their application-layer. This chapter investigates the integration of security solutions within the industrial control system’s “edge” devices – the Industrial Controller (IC). As a specific case study it demonstrates the implementation of a simple anomaly detection engine traditional in control applications. The approach shows that the scheduling rate of control applications is significantly affected by various events, such as a change in the number of network packets, configuration interventions, etc. Implementations realized on a Phoenix Contact ILC 350-PN controller demonstrate the feasibility and applicability of the proposed methodology.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Almalawi A, Fahad A, Tari Z, Alamri A, AlGhamdi R, Zomaya AY (2016) An efficient data-driven clustering technique to detect attacks in scada systems. IEEE Trans Inf Forensics Secur 11(5):893–906. https://doi.org/10.1109/TIFS.2015.2512522
Bini E, Nguyen THC, Richard P, Baruah SK (2009) A response-time bound in fixed-priority scheduling with arbitrary deadlines. IEEE Trans Comput 58(2):279–286
Carcano A, Coletta A, Guglielmi M, Masera M, Fovino IN, Trombetta A (2011) A multidimensional critical state analysis for detecting intrusions in SCADA systems. IEEE Trans Ind Inf 7(2):179–186. https://doi.org/10.1109/TII.2010.2099234
Cárdenas AA, Amin S, Lin ZS, Huang YL, Huang CY, Sastry S (2011) Attacks against process control systems: risk assessment, detection, and response. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS’11. ACM, New York, pp 355–366. https://doi.org/10.1145/1966913.1966959
Chen B, Ho DWC, Zhang WA, Yu L (2017) Distributed dimensionality reduction fusion estimation for cyber-physical systems under dos attacks. IEEE Trans Syst Man Cybern Syst PP(99):1–14. https://doi.org/10.1109/TSMC.2017.2697450
Di Pietro A, Panzieri S, Gasparri A (2015) Situational awareness using distributed data fusion with evidence discounting. In: Rice M, Shenoi S (eds) Critical infrastructure protection IX. Springer, Cham, pp 281–296
Filippini R, Silva A (2014) A modeling framework for the resilience analysis of networked systems-of-systems based on functional dependencies. Reliab Eng Syst Saf 125:82–91. https://doi.org/10.1016/j.ress.2013.09.010, http://www.sciencedirect.com/science/article/pii/S0951832013002676
Fovino IN, Coletta A, Carcano A, Masera M (2012) Critical state-based filtering system for securing SCADA network protocols. IEEE Trans Ind Electron 59(10):3943–3950. https://doi.org/10.1109/TIE.2011.2181132
Genge B, Rusu DA, Haller P (2014) A connection pattern-based approach to detect network traffic anomalies in critical infrastructures. In: Proceedings of the Seventh European Workshop on System Security, EuroSec’14. ACM, New York, pp 1:1–1:6. https://doi.org/10.1145/2592791.2592792
Genge B, Siaterlis C, Karopoulos G (2013) Data fusion-base anomay detection in networked critical infrastructures. In: 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W), pp 1–8. https://doi.org/10.1109/DSNW.2013.6615505
Giani A, Bent R, Pan F (2014) Phasor measurement unit selection for unobservable electric power data integrity attack detection. Int J Crit Infrastruct Prot 7(3):155–164. https://doi.org/10.1016/j.ijcip.2014.06.001, http://www.sciencedirect.com/science/article/pii/S1874548214000407
Giraldo J, Cardenas A, Quijano N (2017) Integrity attacks on real-time pricing in smart grids: impact and countermeasures. IEEE Trans Smart Grid 8(5):2249–2257. https://doi.org/10.1109/TSG.2016.2521339
Ha D, Ahmed U, Pyun H, Lee CJ, Baek KH, Han C (2017) Multi-mode operation of principal component analysis with k-nearest neighbor algorithm to monitor compressors for liquefied natural gas mixed refrigerant processes. Comput Chem Eng 106:96–105. https://doi.org/10.1016/j.compchemeng.2017.05.029, http://www.sciencedirect.com/science/article/pii/S0098135417302466. ESCAPE-26
Hagerott M (2014) Stuxnet and the vital role of critical infrastructure operators and engineers. Int J Crit Infrastruct Prot 7(4):244–246
Haller P, Genge B (2017) Using sensitivity analysis and cross-association for the design of intrusion detection systems in industrial cyber-physical systems. IEEE Access 5:9336–9347. https://doi.org/10.1109/ACCESS.2017.2703906
Kiss I, Genge B, Haller P, Sebestyén G (2014) Data clustering-based anomaly detection in industrial control systems. In: 2014 IEEE 10th International Conference on Intelligent Computer Communication and Processing (ICCP), pp 275–281. https://doi.org/10.1109/ICCP.2014.6937009
Montgomery DC (2013) Introduction to statistical quality control. Wiley, New York
Page ES (1954) Continuous inspection schemes. Biometrika 41(1/2):100–115
Phoenix Contact GmbH Co. K (2010) PC WORX 6 IEC 61131-Programming
Portnoy I, Melendez K, Pinzon H, Sanjuan M (2016) An improved weighted recursive PCA algorithm for adaptive fault detection. Control Eng Pract 50:69–83. https://doi.org/10.1016/j.conengprac.2016.02.010, http://www.sciencedirect.com/science/article/pii/S0967066116300326
Rubio JE, Alcaraz C, Roman R, Lopez J (2017) Analysis of intrusion detection systems in industrial ecosystems. In: Proceedings of the 14th International Joint Conference on E-Business and Telecommunications (ICETE 2017) – vol 4: SECRYPT, Madrid, 24–26 July 2017, pp 116–128. https://doi.org/10.5220/0006426301160128
Shitharth S, Prince Winston D (2017) An enhanced optimization based algorithm for intrusion detection in SCADA network. Comput Secur 70(Supplement C):16–26. https://doi.org/10.1016/j.cose.2017.04.012, http://www.sciencedirect.com/science/article/pii/S0167404817300901
Stone S, Temple M (2012) Radio-frequency-based anomaly detection for programmable logic controllers in the critical infrastructure. Int J Crit Infrastruct Prot 5(2):66–73. https://doi.org/10.1016/j.ijcip.2012.05.001, http://www.sciencedirect.com/science/article/pii/S1874548212000200
Symantec (2014) Dragonfly: cyberespionage attacks against energy suppliers. Symantec Security Response
Wan M, Shang W, Zeng P (2017) Double behavior characteristics for one-class classification anomaly detection in networked control systems. IEEE Trans Inf Forensics Secur 12(12):3011–3023. https://doi.org/10.1109/TIFS.2017.2730581
Wang B, Mao Z (2018) One-class classifiers ensemble based anomaly detection scheme for process control systems. Trans Inst Meas Control 40(12):3466–3476
Acknowledgements
This work was supported by a grant of the Romanian National Authority for Scientific Research and Innovation, CNCS/CCCDI-UEFISCDI, project number PN-III-P2-2.1-BG-2016-0013, within PNCDI III.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Haller, P., Genge, B., Duka, AV. (2019). Engineering Edge Security in Industrial Control Systems. In: Gritzalis, D., Theocharidou, M., Stergiopoulos, G. (eds) Critical Infrastructure Security and Resilience. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-00024-0_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-00024-0_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00023-3
Online ISBN: 978-3-030-00024-0
eBook Packages: Computer ScienceComputer Science (R0)