Skip to main content
OSTI.GOVU.S. Department of Energy Office of Scientific and Technical Information
U.S. Department of Energy
Office of Scientific and Technical Information
 

Detecting control system misbehavior by fingerprinting programmable logic controller functionality

Journal Article · · International Journal of Critical Infrastructure Protection
 [1];  [1];  [1];  [1]
  1. Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)
+ Show Author Affiliations
In recent years, attacks such as the Stuxnet malware have demonstrated that cyberattacks against control systems cause extensive damage. These attacks can result in physical damage to the networked systems under their control. In this paper, we discuss our approach for detecting such attacks by distinguishing between programs running on a programmable logic controller (PLC) without having to monitor communications. Using power signatures generated by an attached, high-frequency power measurement device, we can identify what a PLC is doing and when an attack may have altered what the PLC should be doing. To accomplish this, we generated labeled data for testing our methods and applied feature engineering techniques and machine learning models. The results of this research demonstrate that Random Forests and Convolutional Neural Networks classify programs with up to 98% accuracy for major program differences and 84% accuracy for minor differences. Our results can be used for both online and offline applications.
Research Organization:
Lawrence Berkeley National Laboratory (LBNL), Berkeley, CA (United States)
Sponsoring Organization:
USDOE; USDOE Office of Science (SC)
Grant/Contract Number:
AC02-05CH11231
OSTI ID:
1656531
Alternate ID(s):
OSTI ID: 1694251
Journal Information:
International Journal of Critical Infrastructure Protection, Journal Name: International Journal of Critical Infrastructure Protection Vol. 26; ISSN 1874-5482
Publisher:
ElsevierCopyright Statement
Country of Publication:
United States
Language:
English

Similar Records

Attacking the IEC-61131 Logic Engine in Programmable Logic Controllers in Industrial Control Systems
Conference · Sun Feb 28 23:00:00 EST 2021 · OSTI ID:1808195
Detecting Payload Attacks on Programmable Logic Controllers (PLCs)
Conference · Wed May 30 00:00:00 EDT 2018 · OSTI ID:1434249
Automated Reconstruction of Control Logic for Programmable Logic Controller Forensics
Conference · Sun Sep 01 00:00:00 EDT 2019 · OSTI ID:1570119

Related Subjects

97 MATHEMATICS AND COMPUTING
cyber-physical systems
cybersecurity
machine learning
programmable logic controller
side channels