Type of Publication: Article in Collected Edition

Control Behavior Integrity for Distributed Cyber-Physical Systems

Author(s):

Adepu, Sridhar; Brasser, Ferdinand; Garcia, Luis; Rodler, Michael; Davi, Lucas; Sadeghi, Ahmad-Reza; Zonouz, Saman

Title of Anthology:

Proc. of 11th IEEE/ACM Conference on Cyber-Physical Systems (ICCPS'20)

Publisher:

Institute of Electrical and Electronics Engineers (IEEE)

Location(s):

Sydney, NSW, Australia

Publication Date:

2020

ISBN:

978-1-7281-5501-2

Digital Object Identifier (DOI):

doi:10.1109/ICCPS48487.2020.00011

Citation:

Download BibTeX

Abstract

Cyber-physical control systems, such as industrial control systems (ICS), are increasingly targeted by cyberattacks. Such attacks can potentially cause tremendous damage, affect critical infrastructure or even jeopardize human life when the system does not behave as intended. Cyberattacks, however, are not new and decades of security research have developed plenty of solutions to thwart them. Unfortunately, many of these solutions cannot be easily applied to safety-critical cyber-physical systems. Further, the attack surface of ICS is quite different from what can be commonly assumed in classical IT systems. We present Scadman, a novel control-logic aware anomaly detection system for distributed cyber-physical systems. By observing the system-wide behavior, the correctness of individual controllers (like programmable logic controllers-PLCs) in ICS can be verified. This allows Scadman to detect a wide range of attacks, including malware attacks, code-reuse and dataonly attacks, as well as sensor attacks. We implemented and evaluated Scadman based on a real-world water treatment testbed for ICS security research and training. Our results show that we can detect a wide range of attacks-including attacks that have previously been undetectable by typical state estimation techniques-while causing no false-positive warning for nominal threshold values.