Abstract : Industrial control system failures can be hazardous to human lives and the environment. Programmable logic controllers are major components of industrial control systems that are used across the critical infrastructure. Attack and accident investigations involving programmable logic controllers rely on forensic techniques to establish the root causes and to develop mitigation strategies. However, programmable logic controller forensics is a challenging task, primarily because of the lack of system logging. This chapter proposes a novel methodology that logs the values of relevant memory addresses used by a programmable logic controller program along with their timestamps. Machine learning techniques are applied to the logged data to identify anomalous or abnormal programmable logic controller operations. An application of the methodology to a simulated traffic light control system demonstrates its effectiveness in performing forensic investigations of programmable logic controllers.
https://hal.inria.fr/hal-01716409
Contributor : Hal Ifip <>
Submitted on : Friday, February 23, 2018 - 3:51:02 PM Last modification on : Friday, February 23, 2018 - 3:51:47 PM Long-term archiving on: : Friday, May 25, 2018 - 6:19:03 AM
Ken Yau, Kam-Pui Chow. Detecting Anomalous Programmable Logic Controller Events Using Machine Learning. 13th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2017, Orlando, FL, United States. pp.81-94, ⟨10.1007/978-3-319-67208-3_5⟩. ⟨hal-01716409⟩