DOI: 10.1145/3487405.3487662
research-article

Detection of Anomalous Values within TIA Project Data History for Industrial Control Systems

Published: 22 November 2021

Abstract

Attacks on industrial control systems (ICS) have been intensively studied during the last decade. Malicious alterations of ICS can appear in several different ways, e.g. in changed network traffic patterns or in modified data stored on ICS components. While several heuristics and machine learning methods have been proposed to analyze different types of ICS data for anomalies, no work is known that uses the data of Totally Integrated Automation (TIA) Portal for anomaly detection. TIA Portal is a popular software system for organizing the ICS, with which configuration and programming data can be viewed, changed and deleted. Because the individual project datasets are saved historically, old versions of the current system configurations can be restored.
In this initial work, we propose heuristics that detect anomalies in the TIA Portal data. In particular, we analyze the historical modifications within TIA Portal data by investigating long-term backups. Our approach covers both changes to the data caused by infiltration attacks and malicious changes made by employees who have direct access to the machines. We therefore started to examine real TIA Portal project data of an automotive manufacturer’s production line, covering a period of about three years of historical data, for various features that may indicate anomalies.

Published In

EICC '21: Proceedings of the 2021 European Interdisciplinary Cybersecurity Conference
November 2021
97 pages
ISBN: 9781450390491
DOI: 10.1145/3487405
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

1. Anomaly Detection
2. Cyber Physical Systems (CPS) Security
3. Industrial Control Systems (ICS)
4. Intrusion Detection Systems (IDS)

Qualifiers

• Research-article
• Research
• Refereed limited

Conference

EICC '21: European Interdisciplinary Cybersecurity Conference
November 10 - 11, 2021
Virtual Event, Romania
