Detecting Integrity Attacks on SCADA Systems

Abstract: Ensuring security of systems based on supervisory control and data acquisition (SCADA) is a major challenge. In this paper we analyze the effect of integrity attacks on control systems and provide countermeasure capable of exposing such attacks. To validate the results, we apply our findings to an industrial control problem concerning a chemical plant and then a simplified model of a power system.

“…In our experiment controllers were implemented within the Master Unit, while sensors were implemented as R-PLC Units. As shown in Figure 5, similarly to the results reported in [10], we see an increase in the pressure after the attack is started. As soon as the attack is ended, the controller is able to stabilize the process and brings it back to its normal operating limits.…”

“…More specifically, we recreate the Denial of Service attack reported in the work of Chabukswar, et al [10] involving the Tennessee-Eastman chemical process [17] (more details on this process in Section 7.2). The attack targets routers responsible for the data exchange between controllers and sensors/actuators.…”

“…For example, Chabukswar, et al [10] used the Command and Control WindTunnel [18] multi-model simulation environment to enable the interaction between various simulation engines. The authors used OMNeT++ to simulate the network and Matlab Simulink to build and run the physical process model.…”

“…Most of the previously mentioned functionalities are missing from related approaches that employ real cyber and simulated physical components [12,14], as shown later in this paper. On the other hand, approaches that rely on simulated cyber and physical components [11,10] are less expensive and most of them include several functionalities among the previously mentioned. However, they do not support key functionalities that would enable experimentation with real malware/SCADA software.…”

“…The main novelty of the proposed framework is that it combines the Emulab testbed with typical NICS components and Simulink models in order to provide a set of key functionalities that are missing from related techniques [7,8,9,10,11,12,13,14]. As the Emulab testbed was specifically designed to provide capabilities for advanced networking experimentation, it already includes most of the functionalities required by our framework (see Table 2), e.g.…”

A cyber-physical experimentation environment for the security analysis of networked industrial control systems

“…In our experiment controllers were implemented within the Master Unit, while sensors were implemented as R-PLC Units. As shown in Figure 5, similarly to the results reported in [10], we see an increase in the pressure after the attack is started. As soon as the attack is ended, the controller is able to stabilize the process and brings it back to its normal operating limits.…”

“…More specifically, we recreate the Denial of Service attack reported in the work of Chabukswar, et al [10] involving the Tennessee-Eastman chemical process [17] (more details on this process in Section 7.2). The attack targets routers responsible for the data exchange between controllers and sensors/actuators.…”

“…For example, Chabukswar, et al [10] used the Command and Control WindTunnel [18] multi-model simulation environment to enable the interaction between various simulation engines. The authors used OMNeT++ to simulate the network and Matlab Simulink to build and run the physical process model.…”

“…Most of the previously mentioned functionalities are missing from related approaches that employ real cyber and simulated physical components [12,14], as shown later in this paper. On the other hand, approaches that rely on simulated cyber and physical components [11,10] are less expensive and most of them include several functionalities among the previously mentioned. However, they do not support key functionalities that would enable experimentation with real malware/SCADA software.…”

“…The main novelty of the proposed framework is that it combines the Emulab testbed with typical NICS components and Simulink models in order to provide a set of key functionalities that are missing from related techniques [7,8,9,10,11,12,13,14]. As the Emulab testbed was specifically designed to provide capabilities for advanced networking experimentation, it already includes most of the functionalities required by our framework (see Table 2), e.g.…”

A cyber-physical experimentation environment for the security analysis of networked industrial control systems

Active Detection Against Replay Attack: A Survey on Watermark Design for Cyber-Physical Systems

Cyber Situational Awareness for Industrial Control Systems (ICSs) Deployed in Smart City