Radio-frequency-based anomaly detection for programmable logic controllers in the critical infrastructure

Abstract

Advances in the processing power and efficiency of computers have led to the proliferation of information technology (IT) systems in nearly every aspect of our daily lives. The pervasiveness and reliance on IT systems, however, have increased the susceptibility to cyber attacks. This is of particular concern with regard to supervisory control and data acquisition (SCADA) systems in the critical infrastructure. Compromises of SCADA systems–in particular, the programmable logic controllers (PLCs) used as field devices to control and monitor remote processes–could have devastating consequences. However, because of their limited onboard computing resources (e.g., processing power and memory), conventional bit-level IT security mechanisms are not well suited to safeguarding PLCs.This paper describes a methodology for detecting anomalous operations of PLCs. The methodology uses information extracted from radio frequency (RF) features to identify changes in operating characteristics due to malicious actions or system failure. The experimental results demonstrate the utility of the RF-based anomaly detection methodology for PLC verification.