Snapshotter: Lightweight intrusion detection and prevention system for industrial control systems

C. Jin; S. Valizadeh; M. Van Dijk

doi:10.1109/ICPHYS.2018.8390813

Snapshotter: Lightweight intrusion detection and prevention system for industrial control systems

C. Jin
, S. Valizadeh
, M. Van Dijk

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

© 2018 IEEE.In recent years, security aspects of industrial control systems (ICS) have become a center of interest in cyberwarfare and engineering research, especially after the rise of advanced and sophisticated malware (e.g., Stuxnet) specifically designed to target such systems for different malicious purposes including industrial espionage, physical damage, financial gains, etc. Of special interest to us are programmable logic controllers (PLC) which play a major role in ICS for process control purposes in different industries such as telecommunications, chemical processing, etc. A successful compromise of such controllers provides a malefic adversary the capability to inject arbitrary (malicious) code into the system in hopes of industrial process steering. Therefore, we investigate how a forward secure logging mechanism can be used for intrusion detection and prevention purposes in such cases. The proposed defense mechanism can be summarized in security-related information gathering and fast forward-secure logging by an intrusion detection agent, in addition to log analysis, incident identification and response by a trusted server. We implemented our proposal on the OpenPLC framework as the proof of concept and we show how our proposed scheme can be effective in order to detect and prevent adversaries from running arbitrary code on the controllers. The performance overhead we measured on our platform is at most 54 μs per scan cycle, which confirms how lightweight the presented solution is.

Original language	English
Title of host publication	Proceedings - 2018 IEEE Industrial Cyber-Physical Systems, ICPS 2018
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	824-829
ISBN (Electronic)	9781538665312
DOIs	https://doi.org/10.1109/ICPHYS.2018.8390813
Publication status	Published - 15 Jun 2018
Externally published	Yes
Event	1st IEEE International Conference on Industrial Cyber-Physical Systems, ICPS 2018 - Saint Petersburg, Russian Federation Duration: 15 May 2018 → 18 May 2018

Conference

Conference	1st IEEE International Conference on Industrial Cyber-Physical Systems, ICPS 2018
Country/Territory	Russian Federation
City	Saint Petersburg
Period	15/05/18 → 18/05/18

Funding

The authors would like to thank Thiago Alves and Mason Ginter for the helpful discussion. This project was supported in part by the AFOSR MURI under award number FA9550-14-1-0351, and in part funded by an NSF grant CNS-1617774“Self-Recovering Certificate Authorities using Backward and Forward Secure Key Management”.

Funders	Funder number
AFOSR MURI	FA9550-14-1-0351
National Science Foundation	CNS-1617774

Access to Document

10.1109/ICPHYS.2018.8390813

Persistent URL (handle)

Persistent link

Cite this

@inproceedings{1b94913f3e864bf787b2f0c000e6f78d,

title = "Snapshotter: Lightweight intrusion detection and prevention system for industrial control systems",

abstract = "{\textcopyright} 2018 IEEE.In recent years, security aspects of industrial control systems (ICS) have become a center of interest in cyberwarfare and engineering research, especially after the rise of advanced and sophisticated malware (e.g., Stuxnet) specifically designed to target such systems for different malicious purposes including industrial espionage, physical damage, financial gains, etc. Of special interest to us are programmable logic controllers (PLC) which play a major role in ICS for process control purposes in different industries such as telecommunications, chemical processing, etc. A successful compromise of such controllers provides a malefic adversary the capability to inject arbitrary (malicious) code into the system in hopes of industrial process steering. Therefore, we investigate how a forward secure logging mechanism can be used for intrusion detection and prevention purposes in such cases. The proposed defense mechanism can be summarized in security-related information gathering and fast forward-secure logging by an intrusion detection agent, in addition to log analysis, incident identification and response by a trusted server. We implemented our proposal on the OpenPLC framework as the proof of concept and we show how our proposed scheme can be effective in order to detect and prevent adversaries from running arbitrary code on the controllers. The performance overhead we measured on our platform is at most 54 μs per scan cycle, which confirms how lightweight the presented solution is.",

author = "C. Jin and S. Valizadeh and \{Van Dijk\}, M.",

year = "2018",

month = jun,

day = "15",

doi = "10.1109/ICPHYS.2018.8390813",

language = "English",

pages = "824--829",

booktitle = "Proceedings - 2018 IEEE Industrial Cyber-Physical Systems, ICPS 2018",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

address = "United States",

note = "1st IEEE International Conference on Industrial Cyber-Physical Systems, ICPS 2018 ; Conference date: 15-05-2018 Through 18-05-2018",

}

Jin, C, Valizadeh, S & Van Dijk, M 2018, Snapshotter: Lightweight intrusion detection and prevention system for industrial control systems. in Proceedings - 2018 IEEE Industrial Cyber-Physical Systems, ICPS 2018. Institute of Electrical and Electronics Engineers Inc., pp. 824-829, 1st IEEE International Conference on Industrial Cyber-Physical Systems, ICPS 2018, Saint Petersburg, Russian Federation, 15/05/18. https://doi.org/10.1109/ICPHYS.2018.8390813

Snapshotter: Lightweight intrusion detection and prevention system for industrial control systems. / Jin, C.; Valizadeh, S.; Van Dijk, M.
Proceedings - 2018 IEEE Industrial Cyber-Physical Systems, ICPS 2018. Institute of Electrical and Electronics Engineers Inc., 2018. p. 824-829.

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Snapshotter

T2 - 1st IEEE International Conference on Industrial Cyber-Physical Systems, ICPS 2018

AU - Jin, C.

AU - Valizadeh, S.

AU - Van Dijk, M.

PY - 2018/6/15

Y1 - 2018/6/15

N2 - © 2018 IEEE.In recent years, security aspects of industrial control systems (ICS) have become a center of interest in cyberwarfare and engineering research, especially after the rise of advanced and sophisticated malware (e.g., Stuxnet) specifically designed to target such systems for different malicious purposes including industrial espionage, physical damage, financial gains, etc. Of special interest to us are programmable logic controllers (PLC) which play a major role in ICS for process control purposes in different industries such as telecommunications, chemical processing, etc. A successful compromise of such controllers provides a malefic adversary the capability to inject arbitrary (malicious) code into the system in hopes of industrial process steering. Therefore, we investigate how a forward secure logging mechanism can be used for intrusion detection and prevention purposes in such cases. The proposed defense mechanism can be summarized in security-related information gathering and fast forward-secure logging by an intrusion detection agent, in addition to log analysis, incident identification and response by a trusted server. We implemented our proposal on the OpenPLC framework as the proof of concept and we show how our proposed scheme can be effective in order to detect and prevent adversaries from running arbitrary code on the controllers. The performance overhead we measured on our platform is at most 54 μs per scan cycle, which confirms how lightweight the presented solution is.

AB - © 2018 IEEE.In recent years, security aspects of industrial control systems (ICS) have become a center of interest in cyberwarfare and engineering research, especially after the rise of advanced and sophisticated malware (e.g., Stuxnet) specifically designed to target such systems for different malicious purposes including industrial espionage, physical damage, financial gains, etc. Of special interest to us are programmable logic controllers (PLC) which play a major role in ICS for process control purposes in different industries such as telecommunications, chemical processing, etc. A successful compromise of such controllers provides a malefic adversary the capability to inject arbitrary (malicious) code into the system in hopes of industrial process steering. Therefore, we investigate how a forward secure logging mechanism can be used for intrusion detection and prevention purposes in such cases. The proposed defense mechanism can be summarized in security-related information gathering and fast forward-secure logging by an intrusion detection agent, in addition to log analysis, incident identification and response by a trusted server. We implemented our proposal on the OpenPLC framework as the proof of concept and we show how our proposed scheme can be effective in order to detect and prevent adversaries from running arbitrary code on the controllers. The performance overhead we measured on our platform is at most 54 μs per scan cycle, which confirms how lightweight the presented solution is.

UR - https://www.scopus.com/pages/publications/85050116615

U2 - 10.1109/ICPHYS.2018.8390813

DO - 10.1109/ICPHYS.2018.8390813

M3 - Conference contribution

SP - 824

EP - 829

BT - Proceedings - 2018 IEEE Industrial Cyber-Physical Systems, ICPS 2018

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 15 May 2018 through 18 May 2018

ER -

Snapshotter: Lightweight intrusion detection and prevention system for industrial control systems

Abstract

Conference

Funding

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this