Programmable Logic Controller Forensics

Ahmed, Irfan; Obermeier, Sebastian; Sudhakaran, Sneha; Roussev, Vassil

doi:10.1109/msp.2017.4251102

Cited by 69 publications

(27 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Similarly, Wu et al [7] discussed a SCADA digital forensic process consisting of seven steps and Eden et al [8] discussed a SCADA forensic incident response model. A few other perspectives include works like Ahmed et al [9] discussing programmable logic controller (PLC) forensics. Many works [10][11][12][13][14] explain the different types of cyber-attacks, testbeds and potential vulnerability in a digital substation in smart grids, however, they seldom discuss anything related to digital forensic investigations.…”

Section: Related Workmentioning

confidence: 99%

Digital Forensic Analysis of Industrial Control Systems Using Sandboxing: A Case of WAMPAC Applications in the Power Systems

Iqbal¹,

Mahmood²,

Ekstedt³

2019

Energies

View full text Add to dashboard Cite

In today’s connected world, there is a tendency of connectivity even in the sectors which conventionally have been not so connected in the past, such as power systems substations. Substations have seen considerable digitalization of the grid hence, providing much more available insights than before. This has all been possible due to connectivity, digitalization and automation of the power grids. Interestingly, this also means that anybody can access such critical infrastructures from a remote location and gone are the days of physical barriers. The power of connectivity and control makes it a much more challenging task to protect critical industrial control systems. This capability comes at a price, in this case, increasing the risk of potential cyber threats to substations. With all such potential risks, it is important that they can be traced back and attributed to any potential threats to their roots. It is extremely important for a forensic investigation to get credible evidence of any cyber-attack as required by the Daubert standard. Hence, to be able to identify and capture digital artifacts as a result of different attacks, in this paper, the authors have implemented and improvised a forensic testbed by implementing a sandboxing technique in the context of real time-hardware-in-the-loop setup. Newer experiments have been added by emulating the cyber-attacks on WAMPAC applications, and collecting and analyzing captured artifacts. Further, using sandboxing for the first time in such a setup has proven helpful.

show abstract

Section: Related Workmentioning

confidence: 99%

Digital Forensic Analysis of Industrial Control Systems Using Sandboxing: A Case of WAMPAC Applications in the Power Systems

Iqbal¹,

Mahmood²,

Ekstedt³

2019

Energies

View full text Add to dashboard Cite

show abstract

“…PLCs are rapidly being connected to the internet, other corporate networks, and wireless Internet Protocol (IP) through Transmission Control Protocol/Internet Protocol (TCP/IP) in order to improve performance and efficiency [6]- [8]. Again, because of their distinctive architecture and proprietary operating systems, PLCs make it challenging to apply classic methodologies and modern technologies for detecting aberrant activities [9]. Given the foregoing, it is imperative to defend PLCs against various kind of attack or anomaly, including hardware malfunction, insiders' unintentional activities, and malicious intruders.…”

Section: Introductionmentioning

confidence: 99%

Anomaly Detection for a Water Treatment System Based on One-Class Neural Network

2022

View full text Add to dashboard Cite

The prevalence of Internet-of-Things (IoT) technologies and the ubiquity of networked sensors and actuators in many industrial control systems (ICS) have led to the exposure of critical infrastructure in our society to malicious activities and cyber threats. Programmable logic controllers (PLCs) are embedded devices that automate ICS processes. PLCs, which serve as the heart of ICS, are vulnerable to attacks and system malfunctions like other embedded devices. Because PLCs are widely used to control ICS physical processes, attacks against PLCs can cause irreparable damage to enterprises and even loss of life. However, due to the unique and proprietary architecture of PLCs, it is not easy to apply traditional tools and techniques for PLC protection. This work presents an unsupervised learning approach for anomaly detection in ICS based on neural networks with one class objective function and additional regularization term. This technique combines the abilities of neural networks to learn complex relationships with a one-class objective function and a regularization term for separating normal conditions from anomalous operations. The newly introduced regularization term provides a model-tuning mechanism based on specific industrial requirements and performance metrics of interest (i.e., precision or recall). The model was evaluated on a recent real-world ICS dataset: the Secure Water Treatment (SWaT) dataset. The proposed technique's performance is compared with previous work, showing improvements in terms of scalability and attack detection capability, proving that the proposed technique is suitable for use in real ICS scenarios. The proposed method with the regularization term demonstrated superior recall values in 15 out of the 36 attack scenarios in the SWaT dataset, which is the largest of any published methods in the literature. A qualitative analysis of the proposed technique on the SWaT security showdown event data further proves the technique's high anomaly detection ability on real-time injected attacks.INDEX TERMS Anomaly detection, artificial neural networks, cyber-physical system, cybersecurity, industrial control systems.

show abstract

“…From the industry background, under the wave of big data, internet users' demand for information is guaranteed to a certain extent, but the increasing volume of data makes it difficult to filter information. Recommender systems can mine users' preferences and needs based on their interest classification tags, historical behavior records and other user registration information, and then provide users with personalized recommendation services, which can alleviate the information overload problem to a certain extent [1,2]. A recommender system is essentially an information filtering system, which consists of three main subjects: recommendation target, recommendation model and recommendation object, where the recommendation target and recommendation object refer to the user and the item, respectively, and the recommendation model is to realize the matching of the item characteristics with the user model.…”

Section: Introductionmentioning

confidence: 99%

A multimedia recommendation model based on collaborative graph

Lim¹,

Bansal²,

Buru³

et al. 2022

Preprint

View full text Add to dashboard Cite

As one of the main solutions to the information overload problem, recommender systems are widely used in daily life. In the recent emerging micro-video recommendation scenario, micro-videos contain rich multimedia information, involving text, image, video and other multimodal data, and these rich multimodal information conceals users' deep interest in the items. Most of the current recommendation algorithms based on multimodal data use multimodal information to expand the information on the item side, but ignore the different preferences of users for different modal information, and lack the fine-grained mining of the internal connection of multimodal information. To investigate the problems in the micro-video recommendr system mentioned above, we design a hybrid recommendation model based on multimodal information, introduces multimodal information and user-side auxiliary information in the network structure, fully explores the deep interest of users, measures the importance of each dimension of user and item feature representation in the scoring prediction task, makes the application of graph neural network in the recommendation system is improved by using an attention mechanism to fuse the multi-layer state output information, allowing the shallow structural features provided by the intermediate layer to better participate in the prediction task. The recommendation accuracy is improved compared with the traditional recommendation algorithm on different data sets, and the feasibility and effectiveness of our model is verified.

show abstract

Programmable Logic Controller Forensics

Cited by 69 publications

References 10 publications

Digital Forensic Analysis of Industrial Control Systems Using Sandboxing: A Case of WAMPAC Applications in the Power Systems

Digital Forensic Analysis of Industrial Control Systems Using Sandboxing: A Case of WAMPAC Applications in the Power Systems

Anomaly Detection for a Water Treatment System Based on One-Class Neural Network

A multimedia recommendation model based on collaborative graph

Contact Info

Product

Resources

About