Affiliation:
1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China
2. State Grid Henan Electric Power Research Institute, Zhengzhou 450001, China
Abstract
In industrial control systems (ICSs), the PROFIBUS-DP (decentralized peripherals) protocol is widely used for communication between devices. Because PROFIBUS-DP is an unencrypted and insecure bus protocol, attackers can connect to the PROFIBUS-DP system and arbitrarily manipulate I/O process values, which may interrupt the normal operation of industrial equipment, or have more serious consequences. However, due to the complex structures of bus networks and the large number of attack areas, the existing scheme does not monitor all the messages in the industrial head office network and cannot effectively detect semantic attacks. To solve this problem, we propose a novel attack detection system DpGuard. DpGuard automatically builds a finite-state machine model of normal ICS behavior through a large number of historical ICS traffic data. The model includes state events, state transitions, state transition probability, and other normal behavior information. In addition, DpGuard records the execution status of the context data package, uses the real-time captured data package as the input of the model, and judges whether the state event and state transition probability conform to the constraints of the finite-state machine model, so as to identify the legitimate normal behavior of the ICS. Our proposal was evaluated using two Siemens PLCs (programmable logic controllers) deployed on the PROFIBUS-DP system. The experimental results demonstrated that the scheme could accurately detect fault injection and semantic attacks. Compared with other detection models, our scheme presented an improved detection performance, with a detection accuracy of 99.80%.
Funder
Program for Innovation Leading Scientists and Technicians of ZhongYuan under
Subject
Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering
Reference36 articles.
1. (2011). Guide to Industrial Control Systems (ICS) Security: Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), and Other Control System Configurations Such as Programmable Logic Controllers (PLC) (Standard No. SP 800–82).
2. De Moura, R.L., Franqueira, V.N.L., and Pessin, G. (2021, January 1–3). Towards Safer Industrial Serial Networks: An Expert System Framework for Anomaly Detection. Proceedings of the 2021 IEEE 33rd International Conference on Tools with Artificial Intelligence (ICTAI), Washington, DC, USA.
3. Real-time fieldbus communications using Profibus networks;Tovar;IEEE Trans. Ind. Electron.,1999
4. Francis, C.R. (2002, January 24–28). Design of the cryosat system. Proceedings of the IEEE International Geoscience and Remote Sensing Symposium, Toronto, ON, Canada.
5. FSM based Intrusion Detection of Packet Dropping Attack using Trustworthy Watchdog Nodes;Chandan;Recent Adv. Comput. Sci. Commun.,2021
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献