Detecting Malicious Software Execution in Programmable Logic Controllers Using Power Fingerprinting

Abstract : Traditional cyber security mechanisms, such as network-based intrusion detection systems and signature-based antivirus software, have limited effectiveness in industrial control settings, rendering critical infrastructure assets vulnerable to cyber attacks. Even four years after the discovery of Stuxnet, security solutions that can directly monitor the execution of constrained platforms, such as programmable logic controllers, are not yet available. Power fingerprinting, which uses physical measurements from a side channel such as power consumption or electromagnetic emissions, is a promising new technique for detecting malicious software execution in critical systems. The technique can be used to directly monitor the execution of systems with constrained resources without the need to load third-party software artifacts on the platforms.This paper demonstrates the feasibility of using power fingerprinting to directly monitor programmable logic controllers and detect malicious software execution. Experiments with a Siemens S7 programmable logic controller show that power fingerprinting can successfully monitor programmable logic controller execution and detect malware similar to Stuxnet. Indeed, power fingerprinting has the potential to dramatically transform industrial control system security by providing a unified intrusion detection solution for critical systems.
Type de document :
Communication dans un congrès
Jonathan Butts; Sujeet Shenoi. 8th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2014, Arlington, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-441, pp.15-27, 2014, Critical Infrastructure Protection VIII. 〈10.1007/978-3-662-45355-1_2〉
Liste complète des métadonnées

Littérature citée [17 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01386748
Contributeur : Hal Ifip <>
Soumis le : lundi 24 octobre 2016 - 15:31:00
Dernière modification le : lundi 24 octobre 2016 - 15:40:29

Fichier

978-3-662-45355-1_2_Chapter.pd...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Carlos Aguayo Gonzalez, Alan Hinton. Detecting Malicious Software Execution in Programmable Logic Controllers Using Power Fingerprinting. Jonathan Butts; Sujeet Shenoi. 8th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2014, Arlington, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-441, pp.15-27, 2014, Critical Infrastructure Protection VIII. 〈10.1007/978-3-662-45355-1_2〉. 〈hal-01386748〉

Partager

Métriques

Consultations de la notice

74

Téléchargements de fichiers

97