CAO Ce,XIE Lun,LI Lian-peng,WANG Zhi-liang

DOI: https://doi.org/10.13374/j.issn2095-9389.2019.08.013

2019-01-01

Chinese Journal of Engineering

Abstract:As induction motors are the control core in variable-frequency speed-regulating systems, their efficient operation in industrial production processes needs to be ensured. To realize this, the accuracy and security of control commands and equipment parameters have been the priorities for industrial security protection research. This study aims to investigate the intrusion detection techniques of the AC-DC-AC variable-frequency vector control system for induction motors under EtherCAT industrial bus. First, the EtherCAT bus protocol is deeply analyzed, and combined with the EtherCAT industrial bus common protocol vulnerabilities that have been discovered so far, the key characteristics of the protocol data packets are extracted, and the EtherCAT bus protocol intrusion detection rule base is constructed. A three-dimensional pointer linked list tree is used as the retrieval data structure for the EtherCAT bus protocol rule base. Second, model parameters are simulated and calculated based on the physical model of the AC-DC-AC inverter vector control system of the induction motor. Then a least-squares support vector machine (LSSVM) with the characteristics of vector control model intrusion is constructed on the basis of the simulation results, and the parameters of LSSVM classifier are optimized using the chaotic particle swarm optimization (CPSO) algorithm, both of which constitute the CPSO-LSSVM intrusion detection classification algorithm. After the anomaly data packets are classified, they will be transferred to the Suricata intrusion detection engine for precise rule matching. Finally, a physical experiment environment is built for the intrusion detection system. The simulation results of the AC-DC-AC variable-frequency vector control model in this paper show good dynamic performance, which is similar to the trend of waveform change on actual vector control system parameters. The effectiveness of the intrusion detection system is verified by extracting part of the KDD Cup99 test dataset to implement the behaviors of attacks, such as the denial of service (DOS), remote-to-local (R2L), user-to-root (U2R), and Probing attacks on the intrusion detection system.

Nana Li,Yong Wang,Pengfei Shen,Shuangfei Li,Lin Zhou

DOI: https://doi.org/10.4236/jcc.2022.104001

2022-01-01

Journal of Computer and Communications

Abstract:In response to the frequent safety accidents of industrial robots, this paper designs and implements a safety detection system for robot control. It can perform real-time security detection of robot operations on industrial production lines to improve the security and reliability of robot control systems. This paper designs and implements a robot control system based Snort-BASE for real-time online detection of DoS attacks. The system uses a six-degree-of-freedom robotic arm as an example, uses Snort to record the network communication data of the robot arm control system in real time, and filters the network traffic through self-defined rules, and then uses the BASE analysis platform to achieve security analysis of the network traffic. The solution verifies the effectiveness of online real-time detection of attacks and visualisation of attack records by designing simulated robotic arm and real robotic arm attack experiments respectively, thus achieving the security of network communication of the robot remote control system.

Vuk Lesi,Marcio Juliato,Shabbir Ahmed,Christopher Gutierrez,Qian Wang,Manoj Sastry

DOI: https://doi.org/10.48550/arxiv.2106.09826

2021-01-01

Abstract:Closed-loop control systems employ continuous sensing and actuation to maintain controlled variables within preset bounds and achieve the desired system output. Intentional disturbances in the system, such as in the case of cyberattacks, can compromise reachability of control goals, and in several cases jeopardize safety. The increasing connectivity and exposure of networked control to external networks has enabled attackers to compromise these systems by exploiting security vulnerabilities. Attacks against safety-critical control loops can not only drive the system over a trajectory different from the desired, but also cause fatal consequences to humans. In this paper we present a physics-based Intrusion Detection System (IDS) aimed at increasing the security in control systems. In addition to conventional process state estimation for intrusion detection, since the controller cannot be trusted, we introduce a controller state estimator. Additionally, we make our detector context-aware by utilizing sensor measurements from other control loops, which allows to distinguish and characterize disturbances from attacks. We introduce adaptive thresholding and adaptive filtering as means to achieve context-awareness. Together, these methodologies allow detection and localization of attacks in closed-loop controls. Finally, we demonstrate feasibility of the approach by mounting a series of attacks against a networked Direct Current (DC) motor closed-loop speed control deployed on an ECU testbed, as well as on a simulated automated lane keeping system. Among other application domains, this set of approaches is key to support security in automotive systems, and ultimately increase road and passenger safety.

Yulin Zhou,Lun Xie,Hang Pan

DOI: https://doi.org/10.3390/app12062765

2022-03-08

Applied Sciences

Abstract:The automation and intelligence of industrial manufacturing is the core of the fourth industrial revolution, and robotic arms and proprietary networked information systems are an integral part of this vision. However, with the benefits come risks that have been overlooked, and robotic arms have become a heavily attacked area. In order to improve the security of the robotic arm system, this paper proposes an intrusion detection method based on a state classification model. The closure operation process of the robotic arm is divided into five consecutive states, while a support vector machine based on the particle swarm optimization algorithm (PSO-H-SVM) classifies the operation state of the robotic arm. In the detection process, the classifier predicts the operation state of the robotic arm in real time, and the detection method determines whether the state transfer meets the logical requirements, and then determines whether the intrusion occurs. In addition, a response mechanism is proposed on the basis of the intrusion detection system to make protection measures for the robotic arm system. Finally, a physical experiment platform was built to test the intrusion detection method. The results showed that the classification accuracy of the PSO-H-SVM algorithm reached 96.02%, and the detection accuracy of the intrusion detection method reached 90%, which verified the effectiveness and reliability of the intrusion detection method.

Wenbin Yu,Yiyin Wang,Lei Song

DOI: https://doi.org/10.20944/preprints201912.0174.v1

2019-01-01

Abstract:Standard Ethernet (IEEE 802.3 and the TCP/IP protocol suite) is gradually applied in industrial control system (ICS) with the development of information technology. It breaks the natural isolation of ICS, but contains no security mechanism. A modified intrusion detection system (IDS), which is strongly correlated to specific industrial scenario, is necessary for modern ICS. On the one hand, this paper outlines attack models, including infiltration attacks and our creative forging attack. On the other hand, we proposes a hierarchical IDS, which contains a traffic prediction model and an anomaly detection model. The traffic prediction model, which is based on autoregressive integrated moving average (ARIMA), can forecast the traffic of ICS network in the short term and precisely detect the infiltration attacks according to abnormal changes in traffic pattern. The anomaly detection model using one-class support vector machine (OCSVM) is able to detect malicious control instructions by analyzing the key field in EtherNet/IP packets. The experimental results show that the hierarchical IDS has an outstanding performance in detecting infiltration attacks and forging attack compared with other two innovative IDSs.

GAO Yi-wei,ZHOU Rui-kang,LAI Ying-xu,FAN Ke-feng,YAO Xiang-zhen,LI Lin

DOI: https://doi.org/10.11959/j.issn.1000-436x.2017133

2017-01-01

Abstract:At present, intrusion detection system over fieldbus network layer was a basic protection method in industrial control system. However, it has some weakness, such as poor generality, high false-positive rate, and unable to detect unknown anomaly. An industrial control system intrusion detection method based on fieldbus network equipment simula-tion was proposed. The method prevented control program from being tampered or destroyed based on controller simula-tion modelling. Controlled object simulation modelling was designed for ensuring that the system input was credible. Thus the intrusion detection of industrial control network was realized. At last, the results indicate that the proposed in-trusion detecting method is available.

Wenbin Yu,Yiyin Wang,Lei Song

DOI: https://doi.org/10.3390/electronics8121545

IF: 2.9

2019-01-01

Electronics

Abstract:Standard Ethernet (IEEE 802.3 and the TCP/IP protocol suite) is gradually applied in industrial control system (ICS) with the development of information technology. It breaks the natural isolation of ICS, but contains no security mechanisms. An improved intrusion detection system (IDS), which is strongly correlated to specific industrial scenarios, is necessary for modern ICS. On one hand, this paper outlines three kinds of attack models, including infiltration attacks, creative forging attacks, and false data injection attacks. On the other hand, a two stage IDS is proposed, which contains a traffic prediction model and an anomaly detection model. The traffic prediction model, which is based on the autoregressive integrated moving average (ARIMA), can forecast the traffic of the ICS network in the short term and detect infiltration attacks precisely according to the abnormal changes in traffic patterns. Furthermore, the anomaly detection model, using a one class support vector machine (OCSVM), is able to detect malicious control instructions by analyzing the key field in Ethernet/IP packets. The confusion matrix is selected to testify to the effectiveness of the proposed method, and two other innovative IDSs are used for comparison. The experiment results show that the proposed two stage IDS in this paper has an outstanding performance in detecting infiltration attacks, forging attacks, and false data injection attacks compared with other IDSs.

Pengfei Liu,Chen Wei,Yunan Cai,Ting Liu

DOI: https://doi.org/10.1109/ICC40277.2020.9149053

2020-01-01

Abstract:In Industrial Control Systems, isolated proprietary networks are widely used to prevent cyber attacks from Internet. However, the attack can bypass it by connecting external devices into networks, named as device-connected attack. In field bus networks, this attack is hard to be prevented but easy to be implemented. In this paper, the physical intrusion detection is proposed against the device-connected attack. Rather than the network traffic in network intrusion detection, the impedance of whole system and voltage signals are applied to detect the device-connected attack, which would be slightly changed when the external devices are connected. The demo system is implemented on RS485 bus network to demonstrate the effectiveness of proposed method.

Lianpeng Li,Xu Zhao,Junfang Fan,Fuchao Liu,Ning Liu,Hui Zhao

DOI: https://doi.org/10.1016/j.future.2023.11.027

2024-01-01

Abstract:The security of industrial Internet of Things (IIOT) has recently attracted significant attention. As typical IIoT systems, industrial robots are suffering from lots of threats involving control, communication, and computing, which are difficult to detect IIoT attacks accurately in real-time due to resource constraints. How to efficiently and accurately identify IoT attacks on industrial robots is challenging. To address this, we propose a trustworthy security model (TSM) with a fusion design that integrates an improved deep Q-network (IDQN) and a control model, thus accelerating the model training process by reducing the network traversal space and improving detection accuracy by establishing a prejudgment mechanism. We initially provide a detailed overview of existing methods for robot security and derive a robot control model consisting of kinematics and kinetic. Then, a 17-labeled dataset named iRobot security dataset is established to train the TSM. Moreover, we established a robot physical platform to evaluate the performance of TSM, and five cyber security indicators are employed to quantify the performance. Experimental results show that TSM detects attacks at an average rate of 98.7 % and a 0.01 s latency, which demonstrates the excellent performance in detection accuracy and detection efficiency, and provides an idea for solving these issues.

Jianlei Gao,Jun Li,Hao Jiang,Yaobing Li,Hengzhi Quan

DOI: https://doi.org/10.1109/cac51589.2020.9327136

2020-01-01

Abstract:Measurement and control system integrating different software and hardware is used to measure parameters, monitor process and control operation, which has been widely applied in critical infrastructures and has adopted Ethernet for data exchange. The recent publications have indicated that measurement and control systems are very vulnerable when they are exposed to cyber-attacks due to various intrinsic security weakness. Fins protocol as one of the most popular protocols is built into a larger number of Ormon devices that are used in different kinds of measurement, and control systems and has been targeted as the desirable candidate for cyber-attack. However, the traditional detection method based on traffic analysis and function code compliance detection is unable to detect mode-switching attack that is consistent with the protocol syntax, and it is a very harmful network attack against industrial devices. In this paper, we analyze the defects of measurement and control system using Fins protocol, launch mode-switching attack against Ormon PLC devices and display how to defend against this attack by designing a detection rules insert into Snort. Then, this detection approach is carried out to protect the security of Ormon PLC. Finally, the experimental results show that our detection approach can distinguish and detect this malicious cyber-attack efficiently.

Xiangming Wang,Yang Liu,Kexin Jiao,Pengfei Liu,Xiapu Luo,Ting Liu

DOI: https://doi.org/10.1109/tifs.2024.3374596

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The rapid development of distributed control technologies has made Fieldbus networks widely used in industrial control systems (ICSs). Meanwhile, the weak security protection of Fieldbus networks exposes potential attack paths for attackers. Attackers can tap covert and unauthorized external devices (i.e., intrusion devices) into the network to launch attacks. As the intrusion device can remain silent when eavesdropping, there is no detectable abnormal traffic in the network to detect the intrusion device. In this paper, we analytically prove that the observed signals sent from any benign device will inevitably change when the intrusion device is tapped into the Fieldbus network. With this knowledge, we construct the channel-state group fingerprint from the communication signals of each benign device and propose a collaborative intrusion detection mechanism for physical access, PhyCID, to passively detect the covert intrusion device. Detection results on a real power distribution cabinet, an RS485 bus testbed, and a controller area network (CAN) bus testbed indicate that PhyCID is purely passive, environmentally adaptive, and protocol-independent in most Fieldbus networks, including RS485 and CAN. Furthermore, extensive experiments under different scenarios demonstrate the effectiveness and robustness of PhyCID.

Wang Yusheng,Fan Kefeng,Lai Yingxu,Liu Zenghui,Zhou Ruikang,Yao Xiangzhen,Li Lin

DOI: https://doi.org/10.1109/isads.2017.29

2017-01-01

Abstract:Modbus over TCP/IP is one of the most popular industrial network protocol that are widely used in critical infrastructures. However, vulnerability of Modbus TCP protocol has attracted widely concern in the public. The traditional intrusion detection methods can identify some intrusion behaviors, but there are still some problems. In this paper, we present an innovative approach, SD-IDS (Stereo Depth IDS), which is designed for perform real-time deep inspection for Modbus TCP traffic. SD-IDS algorithm is composed of two parts: rule extraction and deep inspection. The rule extraction module not only analyzes the characteristics of industrial traffic, but also explores the semantic relationship among the key field in the Modbus TCP protocol. The deep inspection module is based on rule-based anomaly intrusion detection. Furthermore, we use the online test to evaluate the performance of our SD-IDS system. Our approach get a low rate of false positive and false negative.

Qian Wang,Yiming Qian,Zhaojun Lu,Yasser Shoukry,Gang Qu

DOI: https://doi.org/10.1109/asianhost.2018.8607178

2018-01-01

Abstract:The recent developments in the automobile industry and the self-driving technology necessitated an increase in the traditional automobile features to guarantee the drivers safety, improve the driving convenience and realize the autonomous driving. To support these necessary functions and features, a significant amount of the hardware equipment, i.e., Electronic Control Unit (ECU), is integrated into the car system. However, these ECUs also bring security vulnerabilities because their communication follows the Controller Area Network (CAN) protocol that was designed without supporting message origin authentication. Several methods to resolve this problem have been proposed in the literature, but most of them would require heavy communications and calculations to support the cryptography algorithms. In this paper, we propose a delay-based Intrusion Detection System (IDS) to protect the CAN network by identifying the location of the compromised ECU for the in-vehicle network. We develop and implement our detection method on CAN bus prototype, and our results show that our method is capable of an overall detection accuracy above 97%. The proposed scheme is demonstrated to protect the integrity of the messages on CAN bus leading to a further improve the security and safety of autonomous vehicles.

Pritam Dash,Mehdi Karimibiuki,Karthik Pattabiraman

DOI: https://doi.org/10.1145/3419474

2021-03-31

Digital Threats: Research and Practice

Abstract:Robotic vehicles (RV) are increasing in adoption in many industrial sectors. RVs use auto-pilot software for perception and navigation and rely on sensors and actuators for operating autonomously in the physical world. Control algorithms have been used in RVs to minimize the effects of noisy sensors, prevent faulty actuator output, and, recently, to detect attacks against RVs. In this article, we demonstrate the vulnerabilities in control-based intrusion detection techniques and propose three kinds of stealthy attacks that evade detection and disrupt RV missions. We also propose automated algorithms for performing the attacks without requiring the attacker to expend significant effort or to know specific details of the RV, thus making the attacks applicable to a wide range of RVs. We demonstrate the attacks on eight RV systems including three real vehicles in the presence of an Intrusion Detection System using control-based techniques to monitor RV’s runtime behavior and detect attacks. We find that the control-based techniques are incapable of detecting our stealthy attacks and that the attacks can have significant adverse impact on the RV’s mission (e.g., deviate it significantly from its target, or cause it to crash).

Yulong Fu,Zheng Yan,Jin Cao,Ousmane Kone,Xuefei Cao

DOI: https://doi.org/10.1155/2017/1750637

2017-01-01

Mobile Information Systems

Abstract:Internet of Things (IoT) transforms network communication to Machine-to-Machine (M2M) basis and provides open access and new services to citizens and companies. It extends the border of Internet and will be developed as one part of the future 5G networks. However, as the resources of IoT’s front devices are constrained, many security mechanisms are hard to be implemented to protect the IoT networks. Intrusion detection system (IDS) is an efficient technique that can be used to detect the attackers when cryptography is broken, and it can be used to enforce the security of IoT networks. In this article, we analyzed the intrusion detection requirements of IoT networks and then proposed a uniform intrusion detection method for the vast heterogeneous IoT networks based on an automata model. The proposed method can detect and report the possible IoT attacks with three types: jam-attack, false-attack, and reply-attack automatically. We also design an experiment to verify the proposed IDS method and examine the attack of RADIUS application.

Abdul Majid Jamil,Jianhua Zhou,Di Wang,Hassan Jalil Hadi,Yue Cao

DOI: https://doi.org/10.1007/978-981-19-5751-2_14

2022-01-01

Abstract:AbstractModern automobiles are controlled via networked controls. The majority of networks were built with minimal regard to security. Researchers expect to see a variety of attacks on the system recently, prompting them to share their data. This chapter discusses the weaknesses of the Controller Area Network (CAN) within the in-automobile communication protocol and several possible attacks that may be used against it. In addition, we present recent security detection schemes that have been offered in the current level of research to counteract the threats. The primary purpose of this study is to showcase an integrated technique known as an intrusion detection system (IDS). It has been a significant instrument in protecting information and networks systems for decades. Therefore, we have presented a detailed literature review examining existing IDS. For the investigation of IDS, we considered the following aspects: approaches used for detection, strategies used for deployment, attack mechanisms, and technical issues and challenges. We classify and compare current IDS approaches based on criteria such as real-time limitations, hardware types, CAN Bus behavior changes, attack mitigation types, and software/hardware used to validate these systems. Similarly, other scholars will be encouraged to pursue IDS research on the CAN bus system as a result of the current study.KeywordsIntrusion detection systemIn-automobile SecurityIDS Attacks and Defense CAN bus Architecture and its SecurityAnomaly Based Detection

Davide Quarta,Marcello Pogliani,Mario Polino,Federico Maggi,Andrea Maria Zanchettin,Stefano Zanero

DOI: https://doi.org/10.1109/sp.2017.20

2017-05-01

Abstract:Industrial robots, automated manufacturing, and efficient logistics processes are at the heart of the upcoming fourth industrial revolution. While there are seminal studies on the vulnerabilities of cyber-physical systems in the industry, as of today there has been no systematic analysis of the security of industrial robot controllers. We examine the standard architecture of an industrial robot and analyze a concrete deployment from a systems security standpoint. Then, we propose an attacker model and confront it with the minimal set of requirements that industrial robots should honor: precision in sensing the environment, correctness in execution of control logic, and safety for human operators. Following an experimental and practical approach, we then show how our modeled attacker can subvert such requirements through the exploitation of software vulnerabilities, leading to severe consequences that are unique to the robotics domain. We conclude by discussing safety standards and security challenges in industrial robotics.

Zixiang Bi,Guoai Xu,Guosheng Xu,Miaoqing Tian,Ruobing Jiang,Sutao Zhang

DOI: https://doi.org/10.1155/2022/2554280

IF: 1.968

2022-03-07

Security and Communication Networks

Abstract:As the number and computational power of electronic computing units installed in standard automobiles continue to increase, contemporary motor vehicles face more cybersecurity threats than previous designs, while providing greater convenience and various useful features. Although vehicles are attacked at various entry points, eventually, attacks are injected into the in-vehicle controller area network (CAN) to cause vehicle anomalies. Currently, OEMs and research fields have implemented protection for the CAN bus in terms of external interfaces, internal protocols, and intrusion detection. Although the deployment of intrusion detection solutions is the most effective approach, the main challenges currently faced by automobile intrusion detection algorithms in practice involve limited computing resources, insufficient real-time responsiveness, and low recognition accuracy. In this study, we propose a novel intrusion detection method based on the message and time transfer matrix to address these difficulties, which can be applied to the vehicle Electronic Control Unit (ECU) to achieve real-time attack signal identification with high accuracy. Experiments on actual vehicles show that the proposed algorithm identified various attacks with high accuracy while consuming less computational and storage resources than previous methods. Moreover, the efficiency of the proposed algorithm is not affected by the attack injection frequency. Compared with other methods, the proposed method achieved better attack identification performance. Additionally, the message and time transfer matrix used by the algorithm can be used as a message transfer fingerprint of the CAN bus to discover anomalies.

computer science, information systems,telecommunications

Chunjie Zhou,Shuang Huang,Naixue Xiong,Shuang-Hua Yang,Huiyun Li,Yuanqing Qin,Xuan Li

DOI: https://doi.org/10.1109/TSMC.2015.2415763

2015-01-01

Abstract:Industrial process automation is undergoing an increased use of information communication technologies due to high flexibility interoperability and easy administration. But it also induces new security risks to existing and future systems. Intrusion detection is a key technology for security protection. However, traditional intrusion detection systems for the IT domain are not entirely suitable for industrial process automation. In this paper, multiple models are constructed by comprehensively analyzing the multidomain knowledge of field control layers in industrial process automation, with consideration of two aspects: physics and information. And then, a novel multimodel-based anomaly intrusion detection system with embedded intelligence and resilient coordination for the field control system in industrial process automation is designed. In the system, an anomaly detection based on multimodel is proposed, and the corresponding intelligent detection algorithms are designed. Furthermore, to overcome the disadvantages of anomaly detection, a classifier based on an intelligent hidden Markov model, is designed to differentiate the actual attacks from faults. Finally, based on a combination simulation platform using optimized performance network engineering tool, the detection accuracy and the real-time performance of the proposed intrusion detection system are analyzed in detail. Experimental results clearly demonstrate that the proposed system has good performance in terms of high precision and good real-time capability.

Riadul Islam,Rafi Ud Daula Refat,Sai Manikanta Yerram,Hafiz Malik

DOI: https://doi.org/10.1109/tits.2020.3025685

IF: 8.5

2022-03-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:The controller area network (CAN) is the most widely used intra-vehicular communication network in the automotive industry. Because of its simplicity in design, it lacks most of the requirements needed for a security-proven communication protocol. However, a safe and secured environment is imperative for autonomous as well as connected vehicles. Therefore CAN security is considered one of the important topics in the automotive research community. In this article, we propose a four-stage intrusion detection system that uses the chi-squared method and can detect any kind of strong and weak cyber attacks in a CAN. This work is the first-ever graph-based defense system proposed for the CAN. Our experimental results show that we have a very low 5.26% misclassification for denial of service (DoS) attack, 10% misclassification for fuzzy attack, 4.76% misclassification for replay attack, and no misclassification for spoofing attack. In addition, the proposed methodology exhibits up to 13.73% better accuracy compared to existing ID sequence-based methods.

engineering, electrical & electronic,transportation science & technology, civil