Who's in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems

Formby, David; Srinivasan, Preethi; Leonard, Andrew; Rogers, Jonathan; Beyah, Raheem

doi:10.14722/ndss.2016.23142

Cited by 123 publications

(83 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Techniques to track users can be divided into stateless and stateful approaches. Stateless approaches use specific attributes of the users' device to identify it [1,9,13,37,53] (often called "device fingerprinting"). In contrast, stateful approaches use the machine's state to identify users.…”

Section: Online Trackingmentioning

confidence: 99%

Beyond the Front Page:Measuring Third Party Dynamics in the Field

Urban¹,

Degeling

Holz

et al. 2020

Proceedings of the Web Conference 2020

View full text Add to dashboard Cite

In the modern Web, service providers often rely heavily on third parties to run their services. For example, they make use of ad networks to finance their services, externally hosted libraries to develop features quickly, and analytics providers to gain insights into visitor behavior.For security and privacy, website owners need to be aware of the content they provide their users. However, in reality, they often do not know which third parties are embedded, for example, when these third parties request additional content as it is common in real-time ad auctions.In this paper, we present a large-scale measurement study to analyze the magnitude of these new challenges. To better reflect the connectedness of third parties, we measured their relations in a model we call third party trees, which reflects an approximation of the loading dependencies of all third parties embedded into a given website. Using this concept, we show that including a single third party can lead to subsequent requests from up to eight additional services. Furthermore, our findings indicate that the third parties embedded on a page load are not always deterministic, as 50 % of the branches in the third party trees change between repeated visits. In addition, we found that 93 % of the analyzed websites embedded third parties that are located in regions that might not be in line with the current legal framework. Our study also replicates previous work that mostly focused on landing pages of websites. We show that this method is only able to measure a lower bound as subsites show a significant increase of privacy-invasive techniques. For example, our results show an increase of used cookies by about 36 % when crawling websites more deeply.

show abstract

Section: Online Trackingmentioning

confidence: 99%

Beyond the Front Page:Measuring Third Party Dynamics in the Field

Urban¹,

Degeling

Holz

et al. 2020

Proceedings of the Web Conference 2020

View full text Add to dashboard Cite

show abstract

“…False positives in process 2 The developed model for process 2 created eight false positives. In Table 6, pairs (1, 2), (4,5), and (6, 7) have the same related attacks. Therefore, there were five independent false positives, and four of them were true.…”

Section: Analysis On False Positives (False Alarms)mentioning

confidence: 99%

Anomaly Detection for Industrial Control Systems Using Sequence-to-Sequence Neural Networks

Kim

Yun

Kim

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

This study proposes an anomaly detection method for operational data of industrial control systems (ICSs). Sequence-to-sequence neural networks were applied to train and predict ICS operational data and interpret their time-series characteristic. The proposed method requires only a normal dataset to understand ICS's normal state and detect outliers. This method was evaluated with SWaT (secure water treatment) dataset, and 29 out of 36 attacks were detected. The reported method also detects the attack points, and 25 out of 53 points were detected. This study provides a detailed analysis of false positives and false negatives of the experimental results.

show abstract

“…However, IoT devices use numerous protocols and it would be nearly impossible to attempt such analysis on a per protocol and per device basis. Physical layer based device fingerprinting has received considerable attention [14], [15], [16], [17], [18] where the focus is on analyzing the physical aspects of devices to fingerprint them. All these works focused on general wireless devices and their applicability to IoT devices is an open question.…”

Section: State Of Current Researchmentioning

confidence: 99%

Behavioral Fingerprinting of IoT Devices

Bezawada

Bachani

Peterson

et al. 2018

Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security

161

101

View full text Add to dashboard Cite

The Internet-of-Things (IoT) has brought in new challenges in device identification -what the device is, and authentication -is the device the one it claims to be. Traditionally, the authentication problem is solved by means of a cryptographic protocol. However, the computational complexity of cryptographic protocols and/or scalability problems related to key management, render almost all cryptography based authentication protocols impractical for IoT. The problem of device identification is, on the other hand, sadly neglected. We believe that device fingerprinting can be used to solve both these problems effectively. In this work, we present a methodology to perform device behavioral fingerprinting that can be employed to undertake device type identification. A device behavior is approximated using features extracted from the network traffic of the device. These features are used to train a machine learning model that can be used to detect similar device types. We validate our approach using five-fold cross validation; we report a identification rate of 86-99% and a mean accuracy of 99%, across all our experiments. Our approach is successful even when a device uses encrypted communication. Furthermore, we show preliminary results for fingerprinting device categories, i.e., identifying different device types having similar functionality.

show abstract

Who's in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems

Cited by 123 publications

References 18 publications

Beyond the Front Page:Measuring Third Party Dynamics in the Field

Beyond the Front Page:Measuring Third Party Dynamics in the Field

Anomaly Detection for Industrial Control Systems Using Sequence-to-Sequence Neural Networks

Behavioral Fingerprinting of IoT Devices

Contact Info

Product

Resources

About