Skip to Main content Skip to Navigation
Conference papers

Detecting Anomalous Programmable Logic Controller Events Using Machine Learning

Abstract : Industrial control system failures can be hazardous to human lives and the environment. Programmable logic controllers are major components of industrial control systems that are used across the critical infrastructure. Attack and accident investigations involving programmable logic controllers rely on forensic techniques to establish the root causes and to develop mitigation strategies. However, programmable logic controller forensics is a challenging task, primarily because of the lack of system logging. This chapter proposes a novel methodology that logs the values of relevant memory addresses used by a programmable logic controller program along with their timestamps. Machine learning techniques are applied to the logged data to identify anomalous or abnormal programmable logic controller operations. An application of the methodology to a simulated traffic light control system demonstrates its effectiveness in performing forensic investigations of programmable logic controllers.
Complete list of metadatas

Cited literature [12 references]  Display  Hide  Download

https://hal.inria.fr/hal-01716409
Contributor : Hal Ifip <>
Submitted on : Friday, February 23, 2018 - 3:51:02 PM
Last modification on : Friday, February 23, 2018 - 3:51:47 PM
Document(s) archivé(s) le : Friday, May 25, 2018 - 6:19:03 AM

File

456364_1_En_5_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Ken Yau, Kam-Pui Chow. Detecting Anomalous Programmable Logic Controller Events Using Machine Learning. 13th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2017, Orlando, FL, United States. pp.81-94, ⟨10.1007/978-3-319-67208-3_5⟩. ⟨hal-01716409⟩

Share

Metrics

Record views

132

Files downloads

65