Grounds for suspicion: physics-based early warnings for stealthy attacks on industrial control systems
| dc.contributor.author | Azzam, Mazen | |
| dc.contributor.author | Pasquale, Liliana | |
| dc.contributor.author | Provan, Gregory | |
| dc.contributor.author | Nuseibeh, Bashar | |
| dc.contributor.funder | Science Foundation Ireland | en |
| dc.date.accessioned | 2022-01-13T15:14:04Z | |
| dc.date.available | 2022-01-13T15:14:04Z | |
| dc.date.issued | 2021-09-21 | |
| dc.description.abstract | Stealthy attacks on Industrial Control Systems can cause significant damage. In this paper, instead of focusing on the detection of stealthy attacks, we aim to provide early warnings to operators, in order to avoid physical damage and preserve in advance data that may serve as an evidence during an investigation. We propose a framework to provide grounds for suspicion, i.e. preliminary indicators reflecting the likelihood of success of a stealthy attack. We propose two grounds for suspicion based on the behaviour of the physical process: feasibility of a stealthy attack, and proximity to unsafe operating regions. We propose a metric to measure grounds for suspicion in real-time and provide soundness principles to ensure that such a metric is consistent with the grounds for suspicion. We apply our framework to Linear-Time-Invariant systems and formulate the suspicion metric computation as a real-time reachability problem. We validate our framework on a case study involving the benchmark Tennessee-Eastman process. We show through numerical simulation that we can provide early warnings well before a potential stealthy attack can cause damage, while incurring minimal load on the network. Finally, we apply our framework on a use case to illustrate its usefulness in supporting early evidence collection. | en |
| dc.description.sponsorship | Science Foundation Ireland (Grant Number 16/RC/3918) | en |
| dc.description.status | Peer reviewed | en |
| dc.description.version | Accepted Version | en |
| dc.format.mimetype | application/pdf | en |
| dc.identifier.citation | Azzam, M., Pasquale, L., Provan, G. and Nuseibeh, B. (2021) 'Grounds for suspicion: physics-based early warnings for stealthy attacks on industrial control systems', IEEE Transactions on Dependable and Secure Computing. doi: 10.1109/TDSC.2021.3113989 | en |
| dc.identifier.doi | 10.1109/TDSC.2021.3113989 | en |
| dc.identifier.eissn | 1941-0018 | |
| dc.identifier.endpage | 16 | en |
| dc.identifier.issn | 1545-5971 | |
| dc.identifier.journaltitle | IEEE Transactions on Dependable and Secure Computing | en |
| dc.identifier.startpage | 1 | en |
| dc.identifier.uri | https://hdl.handle.net/10468/12380 | |
| dc.language.iso | en | en |
| dc.publisher | Institute of Electrical and Electronics Engineers (IEEE) | en |
| dc.relation.project | info:eu-repo/grantAgreement/SFI/SFI Research Centres/13/RC/2094/IE/Lero - the Irish Software Research Centre/ | en |
| dc.rights | © 2021, IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. | en |
| dc.subject | Integrated circuits | en |
| dc.subject | Measurement | en |
| dc.subject | Security | en |
| dc.subject | Real-time systems | en |
| dc.subject | Process control | en |
| dc.subject | Monitoring | en |
| dc.subject | Linear systems | en |
| dc.subject | Cyber-physical systems | en |
| dc.subject | Industrial control systems | en |
| dc.subject | Early warning systems | en |
| dc.subject | Security | en |
| dc.subject | Process control | en |
| dc.subject | Reachability analysis | en |
| dc.title | Grounds for suspicion: physics-based early warnings for stealthy attacks on industrial control systems | en |
| dc.type | Article (peer-reviewed) | en |
