Skip to Main content Skip to Navigation
New interface
Conference papers

Quantifying Controller Resilience Using Behavior Characterization

Abstract : Supervisory control and data acquisition (SCADA) systems monitor and control major components of the critical infrastructure. Targeted malware such as Stuxnet is an example of a covert cyber attack against a SCADA system that resulted in physical effects. Of particular significance is how Stuxnet exploited the trust relationship between the human machine interface (HMI) and programmable logic controllers (PLCs). Current methods for validating system operating parameters rely on message exchange and network communications protocols, which are generally observed at the HMI. Although sufficient at the macro level, this method does not support the detection of malware that causes physical effects via the covert manipulation of a PLC. This paper introduces an alternative method that leverages the direct analysis of PLC inputs and outputs to derive the true state of SCADA devices. The input-output behavior characteristics are modeled using Petri nets to derive metrics for quantifying the resilience of PLCs against malicious exploits. The method enables the detection of programming changes that affect input-output relationships, the identification of the degree of deviation from a baseline program and the minimization of performance losses due to disruptive events.
Document type :
Conference papers
Complete list of metadata

Cited literature [7 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Monday, March 6, 2017 - 3:02:05 PM
Last modification on : Sunday, April 29, 2018 - 1:48:02 PM
Long-term archiving on: : Wednesday, June 7, 2017 - 2:29:22 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Henry Bushey, Juan Lopez, Jonathan Butts. Quantifying Controller Resilience Using Behavior Characterization. 6th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2012, Washington, DC, United States. pp.71-83, ⟨10.1007/978-3-642-35764-0_6⟩. ⟨hal-01483821⟩



Record views


Files downloads