Detecting Vulnerabilities in Critical Infrastructures by Classifying Exposed Industrial Control Systems Using Deep Learning

2021, Vol 11 (1), pp. 367
Author(s): Pablo Blanco-Medina, Eduardo Fidalgo, Enrique Alegre, Roberto A. Vasco-Carofilis, Francisco Jañez-Martino, ...

Industrial control systems depend heavily on security and monitoring protocols. Several tools are available for this purpose, which scout vulnerabilities and take screenshots of various control panels for later analysis. However, they do not adequately classify images into specific control groups, which is crucial for security-based tasks performed by manual operators. To solve this problem, we propose a pipeline based on deep learning to classify snapshots of industrial control panels into three categories: internet technologies, operation technologies, and others. More specifically, we compare the use of transfer learning and fine-tuning in convolutional neural networks (CNNs) pre-trained on ImageNet to select the best CNN architecture for classifying the screenshots of industrial control systems. We propose the critical infrastructure dataset (CRINF-300), which is the first publicly available information technology (IT)/operational technology (OT) snapshot dataset, with 337 manually labeled images. We used the CRINF-300 to train and evaluate eighteen different pipelines, registering their performance under CPU and GPU environments. We found out that the Inception-ResNet-V2 and VGG16 architectures obtained the best results on transfer learning and fine-tuning, with F1-scores of 0.9832 and 0.9373, respectively. In systems where time is critical and the GPU is available, we recommend using the MobileNet-V1 architecture, with an average time of 0.03 s to process an image and with an F1-score of 0.9758.

Symmetry, 2020, Vol 12 (10), pp. 1583
Author(s): Ángel Luis Perales Gómez, Lorenzo Fernández Maimó, Alberto Huertas Celdrán, Félix J. García Clemente

Industrial Control Systems (ICSs) are widely used in critical infrastructures to support the essential services of society. Therefore, their protection against terrorist activities, natural disasters, and cyber threats is critical. Diverse cyber attack detection systems have been proposed over the years, in which each proposal has applied different steps and methods. However, there is a significant gap in the literature regarding methodologies to detect cyber attacks in ICS scenarios. The lack of such methodologies prevents researchers from being able to accurately compare proposals and results. In this work, we present a Methodology for Anomaly Detection in Industrial Control Systems (MADICS) to detect cyber attacks in ICS scenarios, which is intended to provide a guideline for future works in the field. MADICS is based on a semi-supervised anomaly detection paradigm and makes use of deep learning algorithms to model ICS behaviors. It consists of five main steps, focused on pre-processing the dataset to be used with the machine learning and deep learning algorithms; performing feature filtering to remove those features that do not meet the requirements; feature extraction processes to obtain higher order features; selecting, fine-tuning, and training the most appropriate model; and validating the model performance. In order to validate MADICS, we used the popular Secure Water Treatment (SWaT) dataset, which was collected from a fully operational water treatment plant. The experiments demonstrate that, using MADICS, we can achieve a state-of-the-art precision of 0.984 (as well as a recall of 0.750 and F1-score of 0.851), which is above the average of other works, proving that the proposed methodology is suitable for use in real ICS scenarios.


2020, pp. 1672-1685
Author(s): Timo Kiravuo, Seppo Tiilikainen, Mikko Särelä, Jukka Manner

The developed society depends on many critical infrastructure processes, such as power generation, water treatment, many types of manufacturing, and smart buildings. These processes need control and the automation industry has embraced the Internet to connect all these controls. However, the controlling devices thus opened to the world do not always have adequate safeguards to withstand malicious users. Many automation systems have default passwords or known and unknown backdoors. Also, often those systems are not updated to close security weaknesses found after original installation. The authors argue that while the industry is familiar with the notion of safety of equipment and processes, it has not focused enough on IT security. Several years ago the Shodan search engine showed how easy it is to find these control devices on the Internet. The authors followed this research line further by targeting one nation's IP address space with Shodan and found thousands of control systems, many of which represent models and versions with known vulnerabilities. Their first contribution is presenting these findings and analyzing their significance. Their study started in 2012 and the most recent results are from the end of 2015. To gain further knowledge, they have built a prototype scanner capable of finding industrial control systems. This lets the authors evaluate the possibility of performing routine scans to gauge the vulnerability of a nation. Their second contribution is to present a template for a national Internet scanning program. The authors discuss the technology, performance, and legality of such a program. Based on their findings and analysis they argue that nations should continuously monitor their own Internet address space for vulnerabilities. The authors' findings indicate that the current level of vulnerabilities is significant and unacceptable. 
Scanning a nation's critical infrastructure can be done in minutes, allowing them to keep a tight control of vulnerabilities. Yet, in addition, the authors need to extend current legislation and the rights of government officials to bring more security in national critical infrastructures; this discussion is their third contribution. The cyber-space has become a playing field for criminals, terrorists and nation states, all of which may have a motive to disrupt the daily life of a nation, and currently causing such disruptions is too easy.


Author(s): Kayne Naughton

Interconnected devices and the true ‘internet’ cause security challenges to organisations with critical legacy systems. This article discusses a number of legacy issues around Industrial Control Systems and ‘untouchable’ legacy devices and proposes a number of easy and effective mitigations to the practices that expose them to the world.


2021, Vol 26 (6), pp. 821-832
Author(s): Weiping Wang, Zhaorong Wang, Zhanfan Zhou, Haixia Deng, Weiliang Zhao, ...

Author(s): Konstantin Knorr

Worm epidemics such as Stuxnet and Conficker have raised great interest in the public and media lately and stressed the question of how our critical infrastructure can be protected against such attacks. Besides reactive measures like incident response, pro-active counter measures are required. Patch management is such an essential pro-active measure for the secure operation of our critical infrastructure. It is an indispensable activity which is required in many standards. This chapter focuses on patch and update management for industrial control systems that are part of our critical infrastructure. Standards for the automation of patch management and selected operational security standards are discussed in the context of patch management. The main contribution of the chapter is the definition and description of a standard conform patch management process for industrial control systems with special focus on the interaction between operator and vendor of such systems.


2020, Vol 6 (1)
Author(s): Peter Maynard, Kieran McLaughlin, Sakir Sezer

We perform a detailed survey and analysis of the most significant attacks, which have targeted industrial control systems over the past decade, based on detailed incident reports from scientific and non-traditional resources. This work is the first that considers together a comprehensive set of real-world cyber-attacks with the purpose of deriving a set of common features focusing particularly on the process control network. Each attack is decomposed to provide a comprehensive overview followed by a discussion of the commonalities identified across attacks. To achieve this, each attack is modelled using Attack Trees with Sequential AND, and mapped to the industrial control system Cyber Kill Chain. We focus on the methods of intrusion rather than the identification of actors. This article can be read in two parts: first, an analysis of each attack, and secondly a discussion of the derived commonalities. The resulting commonalities can be used to develop improved detection strategies to detect modern adversarial techniques and tactics.

