The increasing interconnection of industrial networks with the Internet exposes them to an ever-growing risk of cyberattacks. A well-proven mechanism to detect such attacks is industrial intrusion detection, which searches for anomalies in otherwise predictable communication or process behavior. However, efforts to improve these detection methods mostly focus on specific domains and communication protocols, leading to a research landscape that is broken up into isolated silos. Thus, existing approaches cannot be applied to other industrial scenarios that would equally benefit from powerful detection approaches. To better understand this issue, we survey 53 detection systems and conclude that there is no fundamental reason for their narrow focus. Although they are often coupled to specific industrial protocols in practice, many approaches could generalize to new industrial scenarios in theory. To unlock this potential for intrusion detection across industrial domains and protocols, we propose IPAL, our industrial protocol abstraction layer, to decouple intrusion detection from domain-specific industrial communication protocols. We show the practical applicability and correctness of IPAL through a reproducibility study in which we re-implement eight detection approaches from related work on top of IPAL. Finally, we showcase the unique benefits of IPAL for industrial intrusion detection research by studying the generalizability of existing approaches to new datasets and conclude that they are indeed not restricted to specific domains or protocols.
Shipboard marine radar systems are essential for safe navigation, helping seafarers perceive their surroundings as they provide bearing and range estimations, object detection, and tracking. Since onboard systems have become increasingly digitized, interconnecting distributed electronics, radars have been integrated into modern bridge systems. But digitization increases the risk of cyberattacks, especially as vessels cannot be considered air-gapped. Consequently, in-depth security is crucial. However, particularly radar systems are not sufficiently protected against harmful network-level adversaries. Therefore, we ask: Can seafarers believe their eyes? In this paper, we identify possible attacks on radar communication and discuss how these threaten safe vessel operation in an attack taxonomy. Furthermore, we develop a holistic simulation environment with radar, complementary nautical sensors, and prototypically implemented cyberattacks from our taxonomy. Finally, leveraging this environment, we create a comprehensive dataset (RadarPWN) with radar network attacks that provides a foundation for future security research to secure marine radar communication.