Stealthy Deception Attacks Against SCADA Systems

Kleinmann, Amit; Amichay, Ori; Wool, Avishai; Tenenbaum, David; Bar, Ofer; Lev, L. L.

doi:10.1007/978-3-319-72817-9_7

Cited by 26 publications

(22 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several attack vectors, or a combination of them, can be used to attack an ICS (see Figure 1). For example, an adversary can attack: 1) the HMI machine, by exploiting software vulnerabilities in its OS and application stack, presenting a fake view of the process and causing the operator to issue erroneous commands [21]; 2) the SCADA and/or engineering workstation machine, by exploiting software vulnerabilities and obtaining full control of the ICS, as occurred in the attack in Ukraine [1]; 3) the communication network in the control segment, the remote segment, or between them, by performing eavesdropping, replay, or false packet injection attacks; 4) the PLC, by exploiting software vulnerabilities or trust between the PLC and SCADA -this allows the attacker to change the PLC's logic, influencing the controlled process and causing damage, as in the Stuxnet case; 5) the sensors, by leveraging physical effects, interfering with the measurements, or replacing the sensor with a malicious one, as shown in [22]; 6) the actuators, by altering the signal sent by the actuators to the controlled process, as described in [23]; or, 7) the actuators and communication channels to create a covert channel, as demonstrated in [24]. The threat model assumed in this research considers an adversary whose ultimate goal, regardless of the attack vector, is a physical-level process change.…”

Section: B Attacks On Icss and Threat Modelmentioning

confidence: 99%

Efficient Cyber Attack Detection in Industrial Control Systems Using Lightweight Neural Networks and PCA

Kravchik

Shabtai

2022

IEEE Trans. Dependable and Secure Comput.

115

View full text Add to dashboard Cite

Industrial control systems (ICSs) are widely used and vital to industry and society. Their failure can have severe impact on both the economy and human life. Hence, these systems have become an attractive target for physical and cyber attacks alike. In this paper, we examine an attack detection method based on simple and lightweight neural networks, namely, 1D convolutional neural networks and autoencoders. We apply these networks to both the time and frequency domains of the data and discuss the pros and cons of each representation approach. The suggested method is evaluated on three popular public datasets, and detection rates matching or exceeding previously published detection results are achieved, while demonstrating a small footprint, short training and detection times, and generality. We also show the effectiveness of PCA, which, given proper data preprocessing and feature selection, can provide high attack detection rates in many settings. Finally, we study the proposed method's robustness against adversarial attacks that exploit inherent blind spots of neural networks to evade detection while achieving their intended physical effect. Our results show that the proposed method is robust to such evasion attacks: in order to evade detection, the attacker is forced to sacrifice the desired physical impact on the system.

show abstract

Section: B Attacks On Icss and Threat Modelmentioning

confidence: 99%

Efficient Cyber Attack Detection in Industrial Control Systems Using Lightweight Neural Networks and PCA

Kravchik

Shabtai

2022

IEEE Trans. Dependable and Secure Comput.

115

View full text Add to dashboard Cite

show abstract

“…For example, an adversary can attack: 1) The HMI machine, by exploiting software vulnerabilities in its OS and application stack, presenting a fake view of the process and causing the operator to issue erroneous commands [15], 2) The SCADA and/or engineering workstation machine, by exploiting software vulnerabilities and obtaining full control of the ICS, as it happened in Ukraine [1], 3) The communication network in the control segment, in the remote segment, or between them, by performing eavesdropping, or replay or false packet injection attacks, 4) The PLC, by exploiting software vulnerabilities or trust between the PLC and SCADA; this will allow the attacker to change the PLC logic influencing the controlled process and cause damage, as in the Stuxnet case, Fig. 1.…”

Section: B Attacks On Icss and Threat Modelmentioning

confidence: 99%

Detecting Cyber Attacks in Industrial Control Systems Using Convolutional Neural Networks

Kravchik

Shabtai

2018

Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy

235

167

View full text Add to dashboard Cite

Industrial control systems (ICSs) are widely used and vital to industry and society. Their failure can have severe impact on both economics and human life. Hence, these systems have become an attractive target for attacks, both physical and cyber. A number of attack detection methods have been proposed, however they are characterized by a low detection rate, a substantial false positive rate, or are system specific. In this paper, we study an attack detection method based on simple and lightweight neural networks, namely, 1D convolutions and autoencoders. We apply these networks to both the time and frequency domains of the collected data and discuss pros and cons of each approach. We evaluate the suggested method on three popular public datasets and achieve detection rates matching or exceeding previously published detection results, while featuring small footprint, short training and detection times, and generality. We also demonstrate the effectiveness of PCA, which, given proper data preprocessing and feature selection, can provide high attack detection scores in many settings. Finally, we study the proposed method's robustness against adversarial attacks, that exploit inherent blind spots of neural networks to evade detection while achieving their intended physical effect. Our results show that the proposed method is robust to such evasion attacks: in order to evade detection, the attacker is forced to sacrifice the desired physical impact on the system. This finding suggests that neural networks trained under the constraints of the laws of physics can be trusted more than networks trained under more flexible conditions.

show abstract

“…Until 2016, Urbina et al [16,50] stated that existing intrusion detection technology still cannot detect stealthy attacks effectively, so they proposed a new method to measure the negative impacts of stealthy attacks on ICS and tried to limit the negative impacts by configuring detection schemes and metrics properly. Since then, some researchers have conducted further research on stealthy attacks, but they mainly focused on how to perform stealthy attacks on specific ICS [21] or exploring the impacts of stealthy attacks on some more complex systems [22]. As a result, detecting stealthy attacks against ICS becomes an urgent issue.…”

Section: Intrusion Detection Based On Process Data Analysismentioning

confidence: 99%

“…Therefore, the attacker can make the observed behavior of a system follow its expected behavior closely during a stealthy attack, but still inject enough false information into the system after a long period of time [16], and finally cause a fatal damage to the target system. Since then, stealthy attacks against ICS have attracted much attention [21,22]. Previously, we proposed a detection approach against stealthy attacks based on residual permutation entropy [23].…”

Section: Introductionmentioning

confidence: 99%

Detecting stealthy attacks against industrial control systems based on residual skewness analysis

Yang³

et al. 2019

J Wireless Com Network

View full text Add to dashboard Cite

With the integration of the modern industrial control systems (ICS) with the Internet technology, ICS can make full use of the rich resources on the Internet to facilitate remote process control. However, every coin has two sides. More exposure to the outside IT world has made ICS an attractive target for hackers, so it becomes urgent to protect the security of ICS. Skilled attackers can penetrate control networks and then manipulate sensor readings or control signals persistently until the system crashes, while still keeping themselves undetected by following the expected behavior of the system closely. This kind of attacks are referred to as stealthy attacks. As far as we know, many existing intrusion detection techniques only investigate the magnitudes of behavior residuals, so they cannot detect this kind of stealthy attacks. In this paper, we discover that residuals generated during stealthy attacks exhibit significant skewness compared to attack-free residuals. Based on the new observation, we propose an effective and fast technique to detect stealthy attacks against ICS based on residual skewness analysis. Skewness coefficients can distinguish the counterfeited residuals from the attack-free residuals effectively. A larger absolute value of the skewness coefficient generally indicates the occurrence of a more intense stealthy attack. Finally, we conduct comprehensive experiments to verify the effectiveness and efficiency of the proposed stealthy attack detection approach.

show abstract

Stealthy Deception Attacks Against SCADA Systems

Cited by 26 publications

References 32 publications

Efficient Cyber Attack Detection in Industrial Control Systems Using Lightweight Neural Networks and PCA

Efficient Cyber Attack Detection in Industrial Control Systems Using Lightweight Neural Networks and PCA

Detecting Cyber Attacks in Industrial Control Systems Using Convolutional Neural Networks

Detecting stealthy attacks against industrial control systems based on residual skewness analysis

Contact Info

Product

Resources

About