Engineering Edge Security in Industrial Control Systems

  • Piroska HallerEmail author
  • Béla Genge
  • Adrian-Vasile Duka
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


Industrial Controllers (e.g., Programmable Logical Controllers – PLCs, and Remote Terminal Units – RTUs) have been specialized to deliver robust control strategies. However, little has been done towards the integration of security strategies within their application-layer. This chapter investigates the integration of security solutions within the industrial control system’s “edge” devices – the Industrial Controller (IC). As a specific case study it demonstrates the implementation of a simple anomaly detection engine traditional in control applications. The approach shows that the scheduling rate of control applications is significantly affected by various events, such as a change in the number of network packets, configuration interventions, etc. Implementations realized on a Phoenix Contact ILC 350-PN controller demonstrate the feasibility and applicability of the proposed methodology.



This work was supported by a grant of the Romanian National Authority for Scientific Research and Innovation, CNCS/CCCDI-UEFISCDI, project number PN-III-P2-2.1-BG-2016-0013, within PNCDI III.


  1. 1.
    Almalawi A, Fahad A, Tari Z, Alamri A, AlGhamdi R, Zomaya AY (2016) An efficient data-driven clustering technique to detect attacks in scada systems. IEEE Trans Inf Forensics Secur 11(5):893–906. CrossRefGoogle Scholar
  2. 2.
    Bini E, Nguyen THC, Richard P, Baruah SK (2009) A response-time bound in fixed-priority scheduling with arbitrary deadlines. IEEE Trans Comput 58(2):279–286MathSciNetCrossRefGoogle Scholar
  3. 3.
    Carcano A, Coletta A, Guglielmi M, Masera M, Fovino IN, Trombetta A (2011) A multidimensional critical state analysis for detecting intrusions in SCADA systems. IEEE Trans Ind Inf 7(2):179–186. CrossRefGoogle Scholar
  4. 4.
    Cárdenas AA, Amin S, Lin ZS, Huang YL, Huang CY, Sastry S (2011) Attacks against process control systems: risk assessment, detection, and response. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS’11. ACM, New York, pp 355–366. Google Scholar
  5. 5.
    Chen B, Ho DWC, Zhang WA, Yu L (2017) Distributed dimensionality reduction fusion estimation for cyber-physical systems under dos attacks. IEEE Trans Syst Man Cybern Syst PP(99):1–14.
  6. 6.
    Di Pietro A, Panzieri S, Gasparri A (2015) Situational awareness using distributed data fusion with evidence discounting. In: Rice M, Shenoi S (eds) Critical infrastructure protection IX. Springer, Cham, pp 281–296CrossRefGoogle Scholar
  7. 7.
    Filippini R, Silva A (2014) A modeling framework for the resilience analysis of networked systems-of-systems based on functional dependencies. Reliab Eng Syst Saf 125:82–91., CrossRefGoogle Scholar
  8. 8.
    Fovino IN, Coletta A, Carcano A, Masera M (2012) Critical state-based filtering system for securing SCADA network protocols. IEEE Trans Ind Electron 59(10):3943–3950. CrossRefGoogle Scholar
  9. 9.
    Genge B, Rusu DA, Haller P (2014) A connection pattern-based approach to detect network traffic anomalies in critical infrastructures. In: Proceedings of the Seventh European Workshop on System Security, EuroSec’14. ACM, New York, pp 1:1–1:6.
  10. 10.
    Genge B, Siaterlis C, Karopoulos G (2013) Data fusion-base anomay detection in networked critical infrastructures. In: 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W), pp 1–8.
  11. 11.
    Giani A, Bent R, Pan F (2014) Phasor measurement unit selection for unobservable electric power data integrity attack detection. Int J Crit Infrastruct Prot 7(3):155–164., CrossRefGoogle Scholar
  12. 12.
    Giraldo J, Cardenas A, Quijano N (2017) Integrity attacks on real-time pricing in smart grids: impact and countermeasures. IEEE Trans Smart Grid 8(5):2249–2257. CrossRefGoogle Scholar
  13. 13.
    Ha D, Ahmed U, Pyun H, Lee CJ, Baek KH, Han C (2017) Multi-mode operation of principal component analysis with k-nearest neighbor algorithm to monitor compressors for liquefied natural gas mixed refrigerant processes. Comput Chem Eng 106:96–105., ESCAPE-26CrossRefGoogle Scholar
  14. 14.
    Hagerott M (2014) Stuxnet and the vital role of critical infrastructure operators and engineers. Int J Crit Infrastruct Prot 7(4):244–246CrossRefGoogle Scholar
  15. 15.
    Haller P, Genge B (2017) Using sensitivity analysis and cross-association for the design of intrusion detection systems in industrial cyber-physical systems. IEEE Access 5:9336–9347. CrossRefGoogle Scholar
  16. 16.
    Kiss I, Genge B, Haller P, Sebestyén G (2014) Data clustering-based anomaly detection in industrial control systems. In: 2014 IEEE 10th International Conference on Intelligent Computer Communication and Processing (ICCP), pp 275–281.
  17. 17.
    Montgomery DC (2013) Introduction to statistical quality control. Wiley, New YorkzbMATHGoogle Scholar
  18. 18.
    Page ES (1954) Continuous inspection schemes. Biometrika 41(1/2):100–115MathSciNetCrossRefGoogle Scholar
  19. 19.
    Phoenix Contact GmbH Co. K (2010) PC WORX 6 IEC 61131-ProgrammingGoogle Scholar
  20. 20.
    Portnoy I, Melendez K, Pinzon H, Sanjuan M (2016) An improved weighted recursive PCA algorithm for adaptive fault detection. Control Eng Pract 50:69–83., CrossRefGoogle Scholar
  21. 21.
    Rubio JE, Alcaraz C, Roman R, Lopez J (2017) Analysis of intrusion detection systems in industrial ecosystems. In: Proceedings of the 14th International Joint Conference on E-Business and Telecommunications (ICETE 2017) – vol 4: SECRYPT, Madrid, 24–26 July 2017, pp 116–128.
  22. 22.
    Shitharth S, Prince Winston D (2017) An enhanced optimization based algorithm for intrusion detection in SCADA network. Comput Secur 70(Supplement C):16–26., CrossRefGoogle Scholar
  23. 23.
    Stone S, Temple M (2012) Radio-frequency-based anomaly detection for programmable logic controllers in the critical infrastructure. Int J Crit Infrastruct Prot 5(2):66–73., CrossRefGoogle Scholar
  24. 24.
    Symantec (2014) Dragonfly: cyberespionage attacks against energy suppliers. Symantec Security ResponseGoogle Scholar
  25. 25.
    Wan M, Shang W, Zeng P (2017) Double behavior characteristics for one-class classification anomaly detection in networked control systems. IEEE Trans Inf Forensics Secur 12(12):3011–3023. CrossRefGoogle Scholar
  26. 26.
    Wang B, Mao Z (2018) One-class classifiers ensemble based anomaly detection scheme for process control systems. Trans Inst Meas Control 40(12):3466–3476CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Piroska Haller
    • 1
    Email author
  • Béla Genge
    • 1
  • Adrian-Vasile Duka
    • 1
  1. 1.Petru Maior University of Tîrgu MureşTîrgu MureşRomania

Personalised recommendations