 |
Advances in Digital Forensics XIII 13th IFIP WG 11.9 International Conference Orlando, FL, USA, January 30-February 1, 2017 |
 |
Conference papers
Detecting Anomalous Programmable Logic Controller Events Using Machine Learning
Abstract : Industrial control system failures can be hazardous to human lives and the environment. Programmable logic controllers are major components of industrial control systems that are used across the critical infrastructure. Attack and accident investigations involving programmable logic controllers rely on forensic techniques to establish the root causes and to develop mitigation strategies. However, programmable logic controller forensics is a challenging task, primarily because of the lack of system logging. This chapter proposes a novel methodology that logs the values of relevant memory addresses used by a programmable logic controller program along with their timestamps. Machine learning techniques are applied to the logged data to identify anomalous or abnormal programmable logic controller operations. An application of the methodology to a simulated traffic light control system demonstrates its effectiveness in performing forensic investigations of programmable logic controllers.
Cited literature [12 references]
https://hal.inria.fr/hal-01716409
Contributor : Hal Ifip <>
Submitted on : Friday, February 23, 2018 - 3:51:02 PM
Last modification on : Friday, February 23, 2018 - 3:51:47 PM
Document(s) archivé(s) le : Friday, May 25, 2018 - 6:19:03 AM
Contributor : Hal Ifip <>
Submitted on : Friday, February 23, 2018 - 3:51:02 PM
Last modification on : Friday, February 23, 2018 - 3:51:47 PM
Document(s) archivé(s) le : Friday, May 25, 2018 - 6:19:03 AM
File
456364_1_En_5_Chapter.pdf
Files produced by the author(s)
Licence
Distributed under a Creative Commons Attribution 4.0 International License
