Truth Will Out

Wissam Aoudi, Mikel Iturbe, Magnus Almgren
2018 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security - CCS '18  
Recent incidents have shown that Industrial Control Systems (ICS) are becoming increasingly susceptible to sophisticated and targeted attacks initiated by adversaries with high motivation, domain knowledge, and resources. Although traditional security mechanisms can be implemented at the IT-infrastructure level of such cyber-physical systems, the community has acknowledged that it is imperative to also monitor the process-level activity, as attacks on ICS may very well influence the physical
more » ... cess. In this paper, we present pasad, a novel stealthy-attack detection mechanism that monitors time series of sensor measurements in real time for structural changes in the process behavior. We demonstrate the effectiveness of our approach through simulations and experiments on data from real systems. Experimental results show that pasad is capable of detecting not only significant deviations in the process behavior, but also subtle attack-indicating changes, significantly raising the bar for strategic adversaries who may attempt to maintain their malicious manipulation within the noise level.
doi:10.1145/3243734.3243781 dblp:conf/ccs/AoudiIA18 fatcat:rh3bvs2wcbgdli3nngjohkv42e