Detecting PLC Intrusions Using Control Invariants
- 4 April 2022
- journal article
- research article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Internet of Things Journal
- Vol. 9 (12), 9934-9947
- https://doi.org/10.1109/jiot.2022.3164723
Abstract
Programmable logic controllers (PLCs), i.e., the core of control systems, are well-known to be vulnerable to a variety of cyber attacks. To mitigate this issue, we design PLC-Sleuth, a novel noninvasive intrusion detection/localization system for PLCs, which is built on a set of control invariants—i.e., the correlations between sensor readings and the concomitantly triggered PLC commands—that exist pervasively in all control systems. Specifically, taking the system's supervisory control and data acquisition log as input, PLC-Sleuth abstracts/identifies the system's control invariants as a control graph using data-driven structure learning, and then monitors the weights of graph edges to detect anomalies thereof, which is, in turn, a sign of intrusion. We have implemented and evaluated PLC-Sleuth using both an ethanol distillation system (EDS) platform and a realistically simulated Tennessee Eastman (TE) process. The results show that PLC-Sleuth can: 1) identify control invariants with 100%/98.11% accuracy for EDS/TE; 2) detect PLC intrusions with 98.33%/0.85‰ true/false positives (TPs/FPs) for EDS and 100%/0% TP/FP for TE; and 3) localize intrusions with 93.22%/96.76% accuracy for EDS/TE.
Funding Information
- Science and Technology Innovation 2030 Program (2018AAA0101605)
- National Natural Science Foundation of China (61833015, 61903328)
- Zhejiang Provincial Natural Science Foundation (LZ22F030010)
- Institutional Grant at UC Denver