Testing the Effectiveness of Attack Detection Mechanisms in Industrial Control Systems

Gayathri, S. P.; Mathur, Aditya P.

doi:10.1109/qrs-c.2017.29

Cited by 14 publications

(14 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The limitation of the dataset used by reference [125] covering malicious IoT devices is the use of the CAIDA darknet datasets which predominantly contain malicious material. Based on the results, the research community appears to lean on software-based simulation using established platforms, predominantly Matlab [39,101,117,118,132], but researchers also utilise UPPAAL [118] and ProModel Process [39] simulators. Therefore, software-based simulations are a frequent choice to test experimental concepts.…”

Section: Discussionmentioning

confidence: 99%

“…For example, a secure water treatment plant often consists of distributed cyber infrastructures that control physical processes. The author in reference [118] proposed a time automata (TA) approach, whilst another study [64] focused on a hybrid of machine learning combined with a specification-based detection. An orthogonal defence mechanism consisting of several intelligent checkers was used by the author in reference [51].…”

Section: Dfir Analysismentioning

confidence: 99%

See 1 more Smart Citation

Cyber Resilience and Incident Response in Smart Cities: A Systematic Literature Review

et al. 2020

View full text Add to dashboard Cite

The world is experiencing a rapid growth of smart cities accelerated by Industry 4.0, including the Internet of Things (IoT), and enhanced by the application of emerging innovative technologies which in turn create highly fragile and complex cyber–physical–natural ecosystems. This paper systematically identifies peer-reviewed literature and explicitly investigates empirical primary studies that address cyber resilience and digital forensic incident response (DFIR) aspects of cyber–physical systems (CPSs) in smart cities. Our findings show that CPSs addressing cyber resilience and support for modern DFIR are a recent paradigm. Most of the primary studies are focused on a subset of the incident response process, the “detection and analysis” phase whilst attempts to address other parts of the DFIR process remain limited. Further analysis shows that research focused on smart healthcare and smart citizen were addressed only by a small number of primary studies. Additionally, our findings identify a lack of available real CPS-generated datasets limiting the experiments to mostly testbed type environments or in some cases authors relied on simulation software. Therefore, contributing this systematic literature review (SLR), we used a search protocol providing an evidence-based summary of the key themes and main focus domains investigating cyber resilience and DFIR addressed by CPS frameworks and systems. This SLR also provides scientific evidence of the gaps in the literature for possible future directions for research within the CPS cybersecurity realm. In total, 600 papers were surveyed from which 52 primary studies were included and analysed.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Dfir Analysismentioning

confidence: 99%

Cyber Resilience and Incident Response in Smart Cities: A Systematic Literature Review

et al. 2020

View full text Add to dashboard Cite

show abstract

“…The construction-specific threat modeling approach and vulnerability analysis presented in Mantha et al (2020a) and Mantha and García de Soto (2019) are pioneering examples in this direction and can be used as an inspiration for future research. In the green cluster, the publications focusing on the cybersecurity aspects of OT and CPSs (Duque Anton et al 2019;Zhang et al 2019;Adepu and Mathur 2018;Ahmed and Mathur 2017;Babu et al 2017;Khan et al 2017;Sugumar and Mathur 2017;Khorrami et al 2016;Kobara 2016;Schlegel et al 2015;Wang et al 2015;Yang and Zhao 2015) can shed light on similar problems in the construction phase even though the workplace dynamics are different from other sectors (Mantha et al 2020a).…”

Section: Green Cluster: Construction Automation and Cyber-physical Systemsmentioning

confidence: 99%

Operational Technology on Construction Sites: A Review from the Cybersecurity Perspective

Sonkor

Soto

2021

J. Constr. Eng. Manage.

View full text Add to dashboard Cite

The digital transformation in the construction industry affects how information is exchanged and disrupts the way construction sites operate. The levels of operational technology (OT) to control and monitor site activities by utilizing robotic, autonomous, and remotely controlled machines raise cybersecurity concerns. As construction sites are places where humans and machines work together, the potential safety outcomes of cybersecurity vulnerabilities are magnified. This study's motivation was to understand the current state of the art and identify gaps to suggest future directions regarding OT in construction from the cybersecurity perspective. To achieve that, a bibliometric analysis was conducted. The analysis utilized the Scopus database to retrieve related publications and VOSviewer version 1.6.15 software to visualize bibliometric networks. Main research themes were identified, and each theme was reviewed from a cybersecurity perspective. The limitations of the analysis include the lack of industry-based categorization, the domination of publications focusing on the cybersecurity of industrial control systems (ICSs), and the set of keyword combinations used for the literature search that could be expanded to cover a broader range of research topics. The findings reveal the lack of focus on the construction phase in the construction cybersecurity research. Moreover, cybersecurity aspects are absent in the construction automation studies, and there is a need for bespoke threat modeling and intrusion detection systems for all the phases of construction projects. Suggestions for further research on the potential threats against the construction phase are provided. Future directions include possible adaptations of the available cybersecurity frameworks considering the utilization of OT on construction sites and investigating the methods to evaluate security levels on construction sites and countermeasures against cyberattacks.

show abstract

“…In addition, there has been related research on CPS intrusion detection. The detection methods include hostbased intrusion detection, which mainly monitors parts or activities of the host, network-based intrusion detection, vulnerability assessment-based intrusion detection including abuse/signature intrusion detection and anomaly-based intrusion detection, status protocol analysis, and process failure variables [21,22,23]. Most of the detection technologies analyze the network traffic from different perspectives to detect intrusions.…”

Section: Related Workmentioning

confidence: 99%

Security Verification for Cyber-Physical Systems Using Model Checking

2021

View full text Add to dashboard Cite

A malicious attack may endanger human life or pollute environment on a cyber-physical system (CPS). However, successfully attacking a CPS needs not only the knowledge of information technology (IT) but also the domain knowledge of the system's operation technology (OT). Therefore, it is critical to identify the vulnerabilities of a CPS. This paper proposes a systematic method for the security verification of a CPS, focusing on OT by using model checking with UPPAAL, so as to enhance cyber security. In our security analysis, we considered unsafe situations to be the result of a potentially effective security attack. Thus, we suggested a systematic method to generate security constraints based on the safety constraints (or safety checks) of the CPS and then enhance these security constraints by security verification using model checking with UPPAAL. UPPAAL's simulation tool can perform a detailed search for each state in various possible model combinations and can explore human-computer interactions more deeply. The contributions of our method are as follows: First, a systematic method is proposed to generate security constraints based on the overall safety requirements at the OT level. Second, the security constraints thus generated can be used for run-time monitoring to identify the possible security attacks when they are violated. Third, this paper proposes to augment normal system modeling with a suggested Attack Module to simulate the potential OT attacks. Finally, the verification results may be used in the following twofold directions: to identify the vulnerabilities for possible design improvements and to suggest the further additions of security constraints.

show abstract

Testing the Effectiveness of Attack Detection Mechanisms in Industrial Control Systems

Cited by 14 publications

References 13 publications

Cyber Resilience and Incident Response in Smart Cities: A Systematic Literature Review

Cyber Resilience and Incident Response in Smart Cities: A Systematic Literature Review

Operational Technology on Construction Sites: A Review from the Cybersecurity Perspective

Security Verification for Cyber-Physical Systems Using Model Checking

Contact Info

Product

Resources

About