
An approach based on behavioral models and critical states distance notion for improving cybersecurity of industrial control systems

Author

Listed:
  • SICARD, Franck
  • ZAMAI, Éric
  • FLAUS, Jean-Marie

Abstract

Since the beginning of the 21st century, Industrial Control Systems (ICS) have been targeted by hackers. The main motives for the interest in ICS are the ease of performing cyberattacks and the potential damage inflicted on the system and its environment in case of success. The purpose of this paper is to propose an approach for detecting malicious orders in discrete-event systems. Four types of attacks (direct, sequential, temporal and over-soliciting) that affect an industrial system are studied in this work. Based on the vulnerabilities in ICS and the positioning of other techniques, an innovative methodology is exposed in this paper to develop detection mechanisms based on the “automation-knowledge”. Thus, by using models of the system with an improved notion of distance and trajectory, our filter-based approach provides good results for detecting cyberattacks in the lower levels of the ICS architecture by analyzing the malicious nature of the orders sent. Different types of detection mechanisms based on the concept of distance and trajectory are detailed in this study. We also provide results on simulation examples and an industrial platform. To conclude, improvements of our approach are discussed.

Suggested Citation

  • SICARD, Franck & ZAMAI, Éric & FLAUS, Jean-Marie, 2019. "An approach based on behavioral models and critical states distance notion for improving cybersecurity of industrial control systems," Reliability Engineering and System Safety, Elsevier, vol. 188(C), pages 584-603.
  • Handle: RePEc:eee:reensy:v:188:y:2019:i:c:p:584-603
    DOI: 10.1016/j.ress.2019.03.020

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S095183201830262X
    Download Restriction: Full text for ScienceDirect subscribers only


    References listed on IDEAS

    1. Barbosa, Rafael Ramos Regis & Sadre, Ramin & Pras, Aiko, 2016. "Exploiting traffic periodicity in industrial control networks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 13(C), pages 52-62.
    2. Basnight, Zachry & Butts, Jonathan & Lopez, Juan & Dube, Thomas, 2013. "Firmware modification attacks on programmable logic controllers," International Journal of Critical Infrastructure Protection, Elsevier, vol. 6(2), pages 76-84.
    3. Nai Fovino, Igor & Masera, Marcelo & De Cian, Alessio, 2009. "Integrating cyber attacks within fault trees," Reliability Engineering and System Safety, Elsevier, vol. 94(9), pages 1394-1402.
    4. Clotet, Xavier & Moyano, José & León, Gladys, 2018. "A real-time anomaly-based IDS for cyber-attack detection at the industrial process level of Critical Infrastructures," International Journal of Critical Infrastructure Protection, Elsevier, vol. 23(C), pages 11-20.
    5. Erez, Noam & Wool, Avishai, 2015. "Control variable classification, modeling and anomaly detection in Modbus/TCP SCADA systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 10(C), pages 59-70.
    6. Schuett, Carl & Butts, Jonathan & Dunlap, Stephen, 2014. "An evaluation of modification attacks on programmable logic controllers," International Journal of Critical Infrastructure Protection, Elsevier, vol. 7(1), pages 61-68.
    7. Dang Trinh Nguyen & Quoc Bao Duong & Eric Zamai & Muhammad Kashif Shahzad, 2016. "Fault diagnosis for the complex manufacturing system," Journal of Risk and Reliability, vol. 230(2), pages 178-194, April.
    8. Jarmakiewicz, Jacek & Parobczak, Krzysztof & Maślanka, Krzysztof, 2017. "Cybersecurity protection for power grid control infrastructures," International Journal of Critical Infrastructure Protection, Elsevier, vol. 18(C), pages 20-33.
    9. Piètre-Cambacédès, L. & Bouissou, M., 2013. "Cross-fertilization between safety and security engineering," Reliability Engineering and System Safety, Elsevier, vol. 110(C), pages 110-126.
    10. Goldenberg, Niv & Wool, Avishai, 2013. "Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 6(2), pages 63-75.
    11. Nandan Rao & Shubhra Srivastava & Sreekanth K.S., 2017. "PKI Deployment Challenges and Recommendations for ICS Networks," International Journal of Information Security and Privacy (IJISP), IGI Global, vol. 11(2), pages 38-48, April.
    12. Kriaa, Siwar & Pietre-Cambacedes, Ludovic & Bouissou, Marc & Halgand, Yoran, 2015. "A survey of approaches combining safety and security for industrial control systems," Reliability Engineering and System Safety, Elsevier, vol. 139(C), pages 156-178.

    Citations


    Cited by:

    1. Monzer, Mohamad-Houssein & Beydoun, Kamal & Ghaith, Alaa & Flaus, Jean-Marie, 2022. "Model-based IDS design for ICSs," Reliability Engineering and System Safety, Elsevier, vol. 225(C).
    2. Alanen, Jarmo & Linnosmaa, Joonas & Malm, Timo & Papakonstantinou, Nikolaos & Ahonen, Toni & Heikkilä, Eetu & Tiusanen, Risto, 2022. "Hybrid ontology for safety, security, and dependability risk assessments and Security Threat Analysis (STA) method for industrial control systems," Reliability Engineering and System Safety, Elsevier, vol. 220(C).
    3. Chatterjee, Samrat & Thekdi, Shital, 2020. "An iterative learning and inference approach to managing dynamic cyber vulnerabilities of complex systems," Reliability Engineering and System Safety, Elsevier, vol. 193(C).
    4. Safari, Mohammad & Parvinnia, Elham & Haddad, Alireza Keshavarz, 2021. "Industrial intrusion detection based on the behavior of rotating machine," International Journal of Critical Infrastructure Protection, Elsevier, vol. 34(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Georgios Kavallieratos & Sokratis Katsikas & Vasileios Gkioulos, 2020. "Cybersecurity and Safety Co-Engineering of Cyberphysical Systems—A Comprehensive Survey," Future Internet, MDPI, vol. 12(4), pages 1-17, April.
    2. Safari, Mohammad & Parvinnia, Elham & Haddad, Alireza Keshavarz, 2021. "Industrial intrusion detection based on the behavior of rotating machine," International Journal of Critical Infrastructure Protection, Elsevier, vol. 34(C).
    3. Wang, Wei & Cammi, Antonio & Di Maio, Francesco & Lorenzi, Stefano & Zio, Enrico, 2018. "A Monte Carlo-based exploration framework for identifying components vulnerable to cyber threats in nuclear power plants," Reliability Engineering and System Safety, Elsevier, vol. 175(C), pages 24-37.
    4. Yadav, Geeta & Paul, Kolin, 2021. "Architecture and security of SCADA systems: A review," International Journal of Critical Infrastructure Protection, Elsevier, vol. 34(C).
    5. Monzer, Mohamad-Houssein & Beydoun, Kamal & Ghaith, Alaa & Flaus, Jean-Marie, 2022. "Model-based IDS design for ICSs," Reliability Engineering and System Safety, Elsevier, vol. 225(C).
    6. Kim, Hee Eun & Son, Han Seong & Kim, Jonghyun & Kang, Hyun Gook, 2017. "Systematic development of scenarios caused by cyber-attack-induced human errors in nuclear power plants," Reliability Engineering and System Safety, Elsevier, vol. 167(C), pages 290-301.
    7. Zio, E., 2018. "The future of risk assessment," Reliability Engineering and System Safety, Elsevier, vol. 177(C), pages 176-190.
    8. Kriaa, Siwar & Pietre-Cambacedes, Ludovic & Bouissou, Marc & Halgand, Yoran, 2015. "A survey of approaches combining safety and security for industrial control systems," Reliability Engineering and System Safety, Elsevier, vol. 139(C), pages 156-178.
    9. Jarmakiewicz, Jacek & Parobczak, Krzysztof & Maślanka, Krzysztof, 2017. "Cybersecurity protection for power grid control infrastructures," International Journal of Critical Infrastructure Protection, Elsevier, vol. 18(C), pages 20-33.
    10. CHERIFI, Tarek & HAMAMI, Lamia, 2018. "A practical implementation of unconditional security for the IEC 60780-5-101 SCADA protocol," International Journal of Critical Infrastructure Protection, Elsevier, vol. 20(C), pages 68-84.
    11. Gopal Vishwakarma & Wonjun Lee, 2018. "Exploiting JTAG and Its Mitigation in IOT: A Survey," Future Internet, MDPI, vol. 10(12), pages 1-18, December.
    12. Adepu, Sridhar & Mathur, Aditya, 2021. "SafeCI: Avoiding process anomalies in critical infrastructure," International Journal of Critical Infrastructure Protection, Elsevier, vol. 34(C).
    13. Alanen, Jarmo & Linnosmaa, Joonas & Malm, Timo & Papakonstantinou, Nikolaos & Ahonen, Toni & Heikkilä, Eetu & Tiusanen, Risto, 2022. "Hybrid ontology for safety, security, and dependability risk assessments and Security Threat Analysis (STA) method for industrial control systems," Reliability Engineering and System Safety, Elsevier, vol. 220(C).
    14. Lin, Chih-Yuan & Nadjm-Tehrani, Simin, 2023. "Protocol study and anomaly detection for server-driven traffic in SCADA networks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 42(C).
    15. Zhu, Ruijin & Zhang, Baofeng & Mao, Junjie & Zhang, Quanxin & Tan, Yu-an, 2017. "A methodology for determining the image base of ARM-based industrial control system firmware," International Journal of Critical Infrastructure Protection, Elsevier, vol. 16(C), pages 26-35.
    16. Evgeny Lisin & Wadim Strielkowski & Veronika Chernova & Alena Fomina, 2018. "Assessment of the Territorial Energy Security in the Context of Energy Systems Integration," Energies, MDPI, vol. 11(12), pages 1-14, November.
    17. Hussain, Shahbaz & Hernandez Fernandez, Javier & Al-Ali, Abdulla Khalid & Shikfa, Abdullatif, 2021. "Vulnerabilities and countermeasures in electrical substations," International Journal of Critical Infrastructure Protection, Elsevier, vol. 33(C).
    18. Jingjing Hao & Guangsheng Han, 2020. "On the Modeling of Automotive Security: A Survey of Methods and Perspectives," Future Internet, MDPI, vol. 12(11), pages 1-17, November.
    19. Robles-Durazno, Andres & Moradpoor, Naghmeh & McWhinnie, James & Russell, Gordon & Maneru-Marin, Inaki, 2019. "PLC memory attack detection and response in a clean water supply system," International Journal of Critical Infrastructure Protection, Elsevier, vol. 26(C).
    20. Han, Sang Min & Lee, Chanyoung & Seong, Poong Hyun, 2022. "Estimating the frequency of cyber threats to nuclear power plants based on operating experience analysis," International Journal of Critical Infrastructure Protection, Elsevier, vol. 37(C).
