Home > Research > Publications & Outputs > Goosewolf

Associated organisational unit

Electronic data


    Accepted author manuscript, 853 KB, PDF document

    Embargo ends: 1/01/40

    Available under license: CC BY: Creative Commons Attribution 4.0 International License


Text available via DOI:

View graph of relations

Goosewolf: An Embedded Intrusion Detection System for Advanced Programmable Logic Controllers

Research output: Contribution to Journal/MagazineJournal articlepeer-review

Article number59
<mark>Journal publication date</mark>31/12/2023
<mark>Journal</mark>Digital Threats: Research and Practice
Issue number4
Number of pages19
Pages (from-to)1-19
Publication StatusPublished
Early online date20/10/23
<mark>Original language</mark>English


Critical infrastructures are making increasing use of digital technology for process control. While there are benefits, such as increased efficiency and new functionality, digitalization also introduces the risk of cyber-attacks to systems that support critical functions. A valuable target in these Industrial Control Systems (ICSs) are the Programmable Logic Controllers (PLCs) controlling the machinery that manages a physical process. PLCs have proven to be vulnerable to a range of cyber-attacks in the past; however, newer technologies such as embedded servers and virtualization have the potential to improve this situation and be used to monitor a PLC’s function. In this article, the implementation of a Host-based Intrusion Detection System (HIDS) for a modern PLC is described. This method uniquely makes use of native technologies on the PLC to monitor a dynamic simulated process in real time. Both the PLC’s integrity (checksum, file size, etc.) and the process control are monitored to determine whether the PLC has been compromised in a cyber-attack. The proposed solution detects a range of attacks, even when the PLC’s control logic is compromised and—unlike previous PLC HIDS methods—requires no modification of the underlying PLC technology.