Industrial Control System Fingerprinting and Anomaly Detection

Peng, Yong; Xiang, Chong; Gao, Haihui; Chen, Dongqing; Ren, Wei

doi:10.1007/978-3-319-26567-4_5

Cited by 6 publications

(3 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Specifically, we use Siemens S7-300 and Allen-Bradley ControlLogix 1756-L71 (AB CLX) PLCs. Alternative PLC models could be included in future work by extending the functionality of PLCPrint to additional open-source PLC communication libraries implemented for protocols used by alternative leading PLC vendors, including Schneider Electric (Modbus-TCP) 4 , General Electric 5 , and Mitsubishi (MELSEC) 6 . Such libraries can be used to read PLC registers and acquire various memory artefacts.…”

Section: Discussionmentioning

confidence: 99%

“…A range of different data artefacts have been used as properties of ICS fingerprinting approaches. Several previous studies have used characteristics of ICS network data in fingerprinting methods for anomaly detection [6], [7], [16], [17], [19]. As ICS network traffic is primarily deterministic, models of normal system behaviour are able to be accurately generated in comparison to generic IT systems, where there would typically be a greater amount of noise in the network data [23].…”

Section: Fingerprinting Data Artefactsmentioning

confidence: 99%

See 1 more Smart Citation

PLCPrint: Fingerprinting Memory Attacks in Programmable Logic Controllers

Cook

Marnerides

Pezaros

2023

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Section: Discussionmentioning

confidence: 99%

Section: Fingerprinting Data Artefactsmentioning

confidence: 99%

PLCPrint: Fingerprinting Memory Attacks in Programmable Logic Controllers

Cook

Marnerides

Pezaros

2023

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

“…Peng et al (15) give an overview of anomaly detection approaches for identifying fingerprinting attacks on industrial control systems. Further, they demonstrated how to increase security for these systems and also listed various attacks for CPSs.…”

Section: Related Workmentioning

confidence: 99%

Identifying S7comm Protocol Data Injection Attacks in Cyber-Physical Systems

Eigner

Kreimel

Tavolato

2018

Electronic Workshops in Computing

View full text Add to dashboard Cite

Cyber-physical systems are found in production and industrial systems, as well as critical infrastructures which play a crucial role in our society. The integration of standard computing devices and IP-based technology in cyber-physical systems increases the threat of cyber-attacks. Furthermore, traditional intrusion defense strategies are often not applicable in industrial environments. This paper focuses on the widely used Siemens S7 communication protocol and presents an approach to detect anomalies in network packets by training a model with neural networks and applying the model on current network traffic. In order to stay close to practice we built an experimental setup with industry controllers, sensors and actuators. To check the applicability of the model we launched supervised S7 protocol attacks against the setup. The results show that this approach can detect anomalous network packets with satisfactory accuracy.

show abstract