Abstract
AbstractDesigning and developing distributed cyber-physical production systems (CPPS) is a time-consuming, complex, and error-prone process. These systems are typically heterogeneous, i.e., they consist of multiple components implemented with different languages and development tools. One of the main problems nowadays in CPPS implementation is enabling security mechanisms by design while reducing the complexity and increasing the system’s maintainability. Adopting the IEC 61499 standard is an excellent approach to tackle these challenges by enabling the design, deployment, and management of CPPS in a model-based engineering methodology. We propose a method for CPPS design based on the IEC 61499 standard. The method allows designers to embed a bio-inspired anomaly-based host intrusion detection system (A-HIDS) in Edge devices. This A-HIDS is based on the incremental Dendritic Cell Algorithm (iDCA) and can analyze OPC UA network data exchanged between the Edge devices and detect attacks that target the CPPS’ Edge layer. This study’s findings have practical implications on the industrial security community by making novel contributions to the intrusion detection problem in CPPS considering immune-inspired solutions, and cost-effective security by design system implementation. According to the experimental data, the proposed solution can dramatically reduce design and code complexity while improving application maintainability and successfully detecting network attacks without negatively impacting the performance of the CPPS Edge devices.
Publisher
Springer Science and Business Media LLC
Subject
Artificial Intelligence,Computer Networks and Communications,Information Systems,Software
Reference44 articles.
1. Aickelin U, Cayzer S, Qz B (2002) The danger theory and its application to artificial immune systems. In: Proceedings of the 1st international conference on artificial immune systems (ICARIS ’02), pp 141–148
2. Baezner M, Robin P (2017) Stuxnet. Technical report, ETH Zurich
3. Butun I, Morgera SD, Sankar R (2014) A survey of intrusion detection systems in wireless sensor networks. IEEE Commun Surv Tutor 16(1):266–282. https://doi.org/10.1109/SURV.2013.050113.00191
4. Commission IE et al. (2005) International standard iec61499, function blocks, part 1-part 4. IEC http://www.iec.ch
5. Costin A, Zaddach J, Francillon A, Balzarotti D (2014) A large-scale analysis of the security of embedded firmwares. In: 23rd USENIX security symposium (USENIX Security 14), pp 95–110. USENIX Association, San Diego, CA. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/costin
Cited by
6 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献