10.1016/j.ijcip.2016.07.003">
 

Document Type

Article

Publication Date

11-14-2016

Abstract

The critical infrastructure, which includes the electric power grid, railroads and water treatment facilities, is dependent on the proper operation of industrial control systems. However, malware such as Stuxnet has demonstrated the ability to alter industrial control system parameters to create physical effects. Of particular concern is malware that targets embedded devices that monitor and control system functionality, while masking the actions from plant operators and security analysts. Indeed, system security relies on guarantees that the assurance of these devices can be maintained throughout their lifetimes. This paper presents a novel approach that uses timing-based side channel analysis to establish a unique device fingerprint that helps detect unauthorized modifications of the device. The approach is applied to an Allen Bradley ControlLogix programmable logic controller where execution time measurements are collected and analyzed by a custom anomaly detection system to detect abnormal behavior. The anomaly detection system achieves true positive rates of 0.978 to 1.000 with false positive rates of 0.033to 0.044. The test results demonstrate the feasibility of using timing-based side channel analysis to detect anomalous behavior in programmable logic controllers.

Comments

© 2016 published by Elsevier. This manuscript is made available under the Elsevier user license.

AFIT Scholar furnishes the accepted manuscript of this article in accordance with the sharing rules of the publisher. An embargo was observed for this posting.

Author note: Juan Lopez was an AFIT PhD candidate at the time of this article. (December 2016).

Source Publication

International Journal of Critical Infrastructure Protection (ISSN 1874-5482 | eISSN 2212-2087)

Download

Share

COinS