Final published version
Research output: Contribution to Journal/Magazine › Journal article › peer-review
Research output: Contribution to Journal/Magazine › Journal article › peer-review
}
TY - JOUR
T1 - Goosewolf
T2 - An Embedded Intrusion Detection System for Advanced Programmable Logic Controllers
AU - Allison, David
AU - McLaughlin, Kieran
AU - Smith, Paul
PY - 2023/12/31
Y1 - 2023/12/31
N2 - Critical infrastructures are making increasing use of digital technology for process control. While there are benefits, such as increased efficiency and new functionality, digitalization also introduces the risk of cyber-attacks to systems that support critical functions. A valuable target in these Industrial Control Systems (ICSs) are the Programmable Logic Controllers (PLCs) controlling the machinery that manages a physical process. PLCs have proven to be vulnerable to a range of cyber-attacks in the past; however, newer technologies such as embedded servers and virtualization have the potential to improve this situation and be used to monitor a PLC’s function. In this article, the implementation of a Host-based Intrusion Detection System (HIDS) for a modern PLC is described. This method uniquely makes use of native technologies on the PLC to monitor a dynamic simulated process in real time. Both the PLC’s integrity (checksum, file size, etc.) and the process control are monitored to determine whether the PLC has been compromised in a cyber-attack. The proposed solution detects a range of attacks, even when the PLC’s control logic is compromised and—unlike previous PLC HIDS methods—requires no modification of the underlying PLC technology.
AB - Critical infrastructures are making increasing use of digital technology for process control. While there are benefits, such as increased efficiency and new functionality, digitalization also introduces the risk of cyber-attacks to systems that support critical functions. A valuable target in these Industrial Control Systems (ICSs) are the Programmable Logic Controllers (PLCs) controlling the machinery that manages a physical process. PLCs have proven to be vulnerable to a range of cyber-attacks in the past; however, newer technologies such as embedded servers and virtualization have the potential to improve this situation and be used to monitor a PLC’s function. In this article, the implementation of a Host-based Intrusion Detection System (HIDS) for a modern PLC is described. This method uniquely makes use of native technologies on the PLC to monitor a dynamic simulated process in real time. Both the PLC’s integrity (checksum, file size, etc.) and the process control are monitored to determine whether the PLC has been compromised in a cyber-attack. The proposed solution detects a range of attacks, even when the PLC’s control logic is compromised and—unlike previous PLC HIDS methods—requires no modification of the underlying PLC technology.
KW - Runtime verification
KW - Programmable logic controller
KW - Intrusion detection
KW - Industrial control systems
U2 - 10.1145/3617692
DO - 10.1145/3617692
M3 - Journal article
VL - 4
SP - 1
EP - 19
JO - Digital Threats: Research and Practice
JF - Digital Threats: Research and Practice
IS - 4
M1 - 59
ER -