Biblio

Keyword: Modbus
2022-01-10
Ren, Sothearin, Kim, Jae-Sung, Cho, Wan-Sup, Soeng, Saravit, Kong, Sovanreach, Lee, Kyung-Hee.  2021.  Big Data Platform for Intelligence Industrial IoT Sensor Monitoring System Based on Edge Computing and AI. 2021 International Conference on Artificial Intelligence in Information and Communication (ICAIIC). :480–482.

The cutting edge of Industry 4.0 has driven everything to be converted to disruptive innovation and digitalized. This digital revolution is imprinted by modern and advanced technology that takes advantage of Big Data and Artificial Intelligence (AI) to nurture from automatic learning systems, smart city, smart energy, smart factory to the edge computing technology, and so on. To harness an appealing, noteworthy, and leading development in the smart manufacturing industry, the modern industrial sciences and technologies such as Big Data, Artificial Intelligence, Internet of Things, and Edge Computing have to be integrated cooperatively. Accordingly, a suggestion on the integration is presented in this paper. This paper describes the design and implementation of a big data platform for an intelligent industrial Internet of Things sensor monitoring system and conveys a prediction of any upcoming errors beforehand. The architecture design is based on edge computing and artificial intelligence. To be more precise, the industrial Internet of Things sensor here is about the condition monitoring sensor data - vibration, temperature, related humidity, and barometric pressure inside a manufacturing factory facility.
2021-04-09
Ravikumar, G., Singh, A., Babu, J. R., A, A. Moataz, Govindarasu, M..  2020.  D-IDS for Cyber-Physical DER Modbus System - Architecture, Modeling, Testbed-based Evaluation. 2020 Resilience Week (RWS). :153–159.

Increasing penetration of distributed energy resources (DERs) in distribution networks expands the cyberattack surface. Moreover, the widely used standard protocols for communicating with DER inverters, such as Modbus, are more vulnerable to data-integrity attacks and denial of service (DoS) attacks because of their native clear-text packet format. This paper proposes a distributed intrusion detection system (D-IDS) architecture and algorithms for detecting anomalies in DER Modbus communication. We devised a model-based approach to define physics-based threshold bands for analog data points and transaction-based threshold bands for both the analog and discrete data points. The proposed IDS algorithm uses the model-based approach to develop Modbus-specific IDS rule sets, which can enhance the detection accuracy of anomalies caused either by data-integrity attacks or by maloperation of cyber-physical DER Modbus devices. Further, the IDS algorithm autogenerates the Modbus-specific IDS rulesets in compliance with various open-source IDS rule syntax formats, such as Snort and Suricata, for seamless integration and mitigation of semantic/syntax errors in the development and production environment. We considered the IEEE 13-bus distribution grid, including DERs, as a case study. We conducted various DoS-type attacks and data-integrity attacks on the hardware-in-the-loop (HIL) CPS DER testbed at ISU to evaluate the proposed D-IDS. Consequently, we computed performance metrics such as IDS detection accuracy, IDS detection rate, and end-to-end latency. The results demonstrated 100% detection accuracy, a 100% detection rate for 60k DoS packets, a 99.96% detection rate for 80k DoS packets, and 0.25 ms end-to-end latency between the DERs and the Control Center.
2021-01-11
Rajapkar, A., Binnar, P., Kazi, F..  2020.  Design of Intrusion Prevention System for OT Networks Using Deep Neural Networks. 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1–6.

The automation industries that use Supervisory Control and Data Acquisition (SCADA) systems are highly vulnerable to network threats. Systems that are air-gapped and isolated from the internet are highly affected by insider attacks like spoofing, DoS and malware threats that affect the confidentiality, integrity and availability of Operational Technology (OT) system elements and degrade their performance even though security measures are taken. In this paper, a behavior-based intrusion prevention system (IPS) is designed for OT networks. The proposed system is implemented on a SCADA test bed with two systems that replicate automation scenarios in industry. This paper describes 4 main classes of cyber-attacks with their subclasses against SCADA systems and the methodology, with the design of the components of the IPS system, database creation, baselines and deployment of the system in the environment. The IPS system identifies not only IT protocols but also the Industrial Control System (ICS) protocols Modbus and DNP3, with their inner communication fields, using deep packet inspection (DPI). The analytical results show 99.89% accuracy on binary classification and 97.95% accuracy on multiclass classification of different attack vectors performed on the network, with a low false positive rate. These results are also validated by actual deployment of the IPS in SCADA systems with the prevention of a DoS attack.

2018-05-09
Hill, Zachary, Chen, Samuel, Wall, Donald, Papa, Mauricio, Hale, John, Hawrylak, Peter.  2017.  Simulation and Analysis Framework for Cyber-Physical Systems. Proceedings of the 12th Annual Conference on Cyber and Information Security Research. :7:1–7:4.

This paper describes a unified framework for the simulation and analysis of cyber-physical systems (CPSs). The framework relies on the FreeBSD-based IMUNES network simulator. Components of the CPS are modeled as nodes within the IMUNES network simulator, nodes that communicate using real TCP/IP traffic. Furthermore, the simulated system can be exposed to other networks and the Internet to make it look like a real SCADA system. The framework has been used to simulate a TRIGA nuclear reactor. This is accomplished by creating nodes within the IMUNES network capable of running system modules simulating different CPS components. Nodes communicate using MODBUS/TCP, a widely used process control protocol. A goal of this work is to eventually integrate the simulator with a honeynet. This allows researchers not only to simulate a digital control system using real TCP/IP traffic to test control strategies and network topologies, but also to explore possible cyber attacks and mitigation strategies.

Markman, Chen, Wool, Avishai, Cardenas, Alvaro A..  2017.  A New Burst-DFA Model for SCADA Anomaly Detection. Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy. :1–12.

In Industrial Control Systems (ICS/SCADA), machine-to-machine data traffic is highly periodic. Past work showed that in many cases it is possible to model the traffic between each individual Programmable Logic Controller (PLC) and the SCADA server by a cyclic Deterministic Finite Automaton (DFA), and to use the model to detect anomalies in the traffic. However, a recent analysis of network traffic in a water facility in the U.S. showed that cyclic-DFA models have limitations. In our research, we examine the same data corpus; our study shows that the communication on all of the channels in the network is done in bursts of packets, and that the bursts have semantic meaning: the order within a burst depends on the messages. Using these observations, we suggest a new burst-DFA model that fits the data much better than previous work. Our model treats the traffic on each channel as a series of bursts, and matches each burst to the DFA, taking the burst's beginning and end into account. Our burst-DFA model successfully explains between 95% and 99% of the packets in the data corpus, and goes a long way toward the construction of a practical anomaly detection system.

Alves, Thiago, Morris, Thomas, Yoo, Seong-Moo.  2017.  Securing SCADA Applications Using OpenPLC With End-To-End Encryption. Proceedings of the 3rd Annual Industrial Control System Security Workshop. :1–6.

During their nascent stages, Programmable Logic Controllers (PLCs) were made robust to sustain tough industrial environments, but little care was taken to raise defenses against potential cyberthreats. The recent interconnectivity of legacy PLCs and SCADA systems with corporate networks and the internet has significantly increased the threats to critical infrastructure. To counter these threats, researchers have put their efforts into finding defense mechanisms that can protect the SCADA network and the PLCs. Encryption is a critical component of security and therefore has been used by many organizations to protect data on the network. However, since PLC vendors don't make information about their hardware or software available, it becomes challenging to embed encryption into their devices, especially if they rely on legacy protocols. This paper describes an alternative design using an open source PLC that was modified to encrypt all data it sends over the network, independently of the protocol used. Experimental results indicated that the encryption layer increased the security of the link without causing significant overhead.

2017-12-12
Taylor, J. M., Sharif, H. R..  2017.  Security challenges and methods for protecting critical infrastructure cyber-physical systems. 2017 International Conference on Selected Topics in Mobile and Wireless Networking (MoWNeT). :1–6.

Cyber-Physical Systems (CPS) represent a fundamental link between information technology (IT) systems and the devices that control industrial production and maintain the critical infrastructure services that support our modern world. Increasingly, the interconnections among CPS and IT systems have created exploitable security vulnerabilities due to a number of factors, including a legacy of weak information security applications on CPS and the tendency of CPS operators to prioritize operational availability at the expense of integrity and confidentiality. As a result, CPS are subject to a number of threats from cyber attackers and cyber-physical attackers, including denial of service and even attacks against the integrity of the data in the system. The effects of these attacks extend beyond mere loss of data or the inability to access information system services. Attacks against CPS can cause physical damage in the real world. This paper reviews the challenges of providing information assurance services for CPS that operate critical infrastructure systems and industrial control systems. These methods are thorough measures to close integrity and confidentiality gaps in CPS and processes to highlight the security risks that remain. This paper also outlines approaches to reduce the overhead and complexity of security methods, as well as examining novel approaches, including covert communication channels, to increase CPS security.

2017-05-19
Alves, Thiago, Das, Rishabh, Morris, Thomas.  2016.  Virtualization of Industrial Control System Testbeds for Cybersecurity. Proceedings of the 2nd Annual Industrial Control System Security Workshop. :10–14.

With an immense number of threats pouring in from nation states and hacktivists as well as terrorists and cybercriminals, the requirement of a globally secure infrastructure becomes a major obligation. Most critical infrastructures were primarily designed to work isolated from the normal communication network, but due to the advent of the "Smart Grid", which uses advanced and intelligent approaches to control critical infrastructure, it is necessary for these cyber-physical systems to have access to the communication system. Consequently, such critical systems have become prime targets; hence the security of critical infrastructure is currently one of the most challenging research problems. Performing an extensive security analysis involving experiments with cyber-attacks on a live industrial control system (ICS) is not possible. Therefore, researchers generally resort to test beds and complex simulations to answer questions related to SCADA systems. Since all conclusions are drawn from the test bed, it is necessary to perform validation against a physical model. This paper examines the fidelity of a virtual SCADA testbed to a physical test bed and allows for the study of the effects of cyber-attacks on both of the systems.

2017-05-16
Kleinmann, Amit, Wool, Avishai.  2016.  Automatic Construction of Statechart-Based Anomaly Detection Models for Multi-Threaded SCADA via Spectral Analysis. Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy. :1–12.

Traffic of an Industrial Control System (ICS) between the Human Machine Interface (HMI) and the Programmable Logic Controller (PLC) is highly periodic. However, it is sometimes multiplexed, due to multi-threaded scheduling. In previous work we introduced a Statechart model which includes multiple Deterministic Finite Automata (DFA), one per cyclic pattern. We demonstrated that Statechart-based anomaly detection is highly effective on multiplexed cyclic traffic when the individual cyclic patterns are known. The challenge is to construct the Statechart, by unsupervised learning, from a captured trace of the multiplexed traffic, especially when the same symbols (ICS messages) can appear in multiple cycles, or multiple times in a cycle. Previously we suggested a combinatorial approach for the Statechart construction, based on Euler cycles in the Discrete Time Markov Chain (DTMC) graph of the trace. This combinatorial approach worked well in simple scenarios, but produced a false-alarm rate that was excessive on more complex multiplexed traffic. In this paper we suggest a new Statechart construction method, based on spectral analysis. We use the Fourier transform to identify the dominant periods in the trace. Our algorithm then associates a set of symbols with each dominant period, identifies the order of the symbols within each period, and creates the cyclic DFAs and the Statechart. We evaluated our solution on long traces from two production ICS: one using the Siemens S7-0x72 protocol and the other using Modbus. We also stress-tested our algorithms on a collection of synthetically-generated traces that simulate multiplexed ICS traces with varying levels of symbol uniqueness and time overlap. The resulting Statecharts model the traces with an overall median false-alarm rate as low as 0.16% on the synthetic datasets, and with zero false alarms on production S7-0x72 traffic. Moreover, the spectral analysis Statecharts consistently outperformed the previous combinatorial Statecharts, exhibiting significantly lower false-alarm rates and more compact model sizes.

2015-05-06
Premnath, A. P., Jo, Ju-Yeon, Kim, Yoohwan.  2014.  Application of NTRU Cryptographic Algorithm for SCADA Security. Information Technology: New Generations (ITNG), 2014 11th International Conference on. :341–346.

Critical Infrastructure represents the basic facilities, services and installations necessary for the functioning of a community, such as water, power lines, transportation, or communication systems. Any act or practice that causes a real-time Critical Infrastructure System to impair its normal function and performance will have a debilitating impact on security and the economy, with direct implications for society. A SCADA (Supervisory Control and Data Acquisition) system is a control system which is widely used in Critical Infrastructure Systems to monitor and control industrial processes autonomously. As SCADA architecture relies on computers, networks, applications and programmable controllers, it is more vulnerable to security threats/attacks. Traditional SCADA communication protocols such as IEC 60870, DNP3, IEC 61850, or Modbus did not provide any security services. Newer standards such as IEC 62351 and AGA-12 offer security features to handle attacks on SCADA systems. However, there are performance issues with the cryptographic solutions of these specifications when applied to SCADA systems. This research is aimed at improving the performance of SCADA security standards by employing NTRU, a faster and light-weight public key algorithm, for providing end-to-end security.