Filters based Approach with Temporal and Combinational Constraints for Cybersecurity of Industrial Control Systems

Abstract

Industrial Control Systems (ICS) are increasingly deployed in critical infrastructures. Originally designed to increase the productivity of ICS as well as safety and reliability, nowadays these systems are becoming the target of hackers. Several attacks highlighted vulnerabilities, the most relevant one, Stuxnet, stroke in 2010. Protection of ICS against cyberattacks has to be considered. Security of these systems is different from IT security solutions because exchanged data have physical consequences. For that, a new approach for Intrusion Detection System (IDS) in ICS was presented based on filters monitoring orders and reports. Methodology to obtain these filters and their locations in the ICS architecture were introduced. In this paper, we present major improvements in detection mechanisms of these filters. Distance concept, introduced in previous paper (Sicard et al., 2017), is developed and combined to trajectory concept that allows filters to detect deviations from expected behavior. Distance from optimal or forbidden states is essential to compute order sequence bringing back the system into safe states. Trajectory, which is the evolution of distance during state evolution, improves detection mechanism by analyzing sequences sent to the system and received by Programmable Logic Controller (PLC). This combinational security prevents damages against goods and people. Implementation of time based intrusion detection is a step forward for improving filters. Temporal windows indicate when actions have to be done and if received reports correspond to executed orders. Thus, our filter approach secures ICS against combinational and temporal attacks affecting security of goods and people or quality.