Search for: All records

This work presents an Intrusion Prevention System (IPS) called the Embedded Process Prediction Intrusion Prevention System (EPPIPS) to detect cyber-attacks by predicting what harm the attacks could cause to the physical process in critical infrastructure. EPIPPS is a digital twin internal to a Programmable Logic Controller (PLC). EPPIPS examines incoming command packets and programs sent to the PLC. If EPPIPS predicts these packets or programs to be harmful, EPPIPS can potentially prevent or limit the harm. EPPIPS consists of a module that examines the packets that would alter settings or actuators and incorporates a model of the physical process to aid in predicting the effect of processing the command. Specifically, EPPIPS determines whether a safety violation would occur for critical variables in the physical system. Experiments were performed on virtual testbeds involving a water tank and pipeline with a variety of command-injection attacks to determine the classification accuracy of EPPIPS. Also, uploaded programs including time and logic bombs are evaluated on whether the programs were unsafe. The results show EEPIPS is effective in predicting effects of setting changes in the PLC. EPPIPS’s accuracy is 98% for the water tank and 96% for the pipeline. 

In this work, a high-fidelity virtual testbed modeling a networked diesel generator, similar to those used commercially and by the military, is described. This testbed consists of a physical system model of a generator, a digital control system, a remote monitoring system, and physical and networked connections. The virtual testbed allows researchers to emulate a cyber-physical system and perform cyber attacks against the system without the monetary and safety risks associated with a testbed created from physical components. The testbed was used to feasibly simulate network, hardware Trojan, and software Trojan attacks against the diesel generator, and to observe the cyber and physical outcomes.