Go to DBLP homepageA Heterogeneous Redundant Architecture for Industrial Control System Security
Abstract: Component-level heterogeneous redundancy is gaining popularity as an approach for preventing single-point security breaches in Industrial Control Systems (ICSs), especially with regard to core components such as Programmable Logic Controllers (PLCs). To take control of a system with component-level heterogeneous redundancy, an adversary must uncover and concurrently exploit vulnerabilities across multiple versions of hardened components. As such, attackers incur increased costs and delays when seeking to launch a successful attack. Existing approaches advocate attack resilience via pairwise comparison among outputs from multiple PLCs. These approaches incur increased resource costs due to them having a high degree of redundancy and do not address concurrent attacks. In this paper we address both issues, demonstrating a data-driven component selection approach that achieves a trade-off between resources cost and security. In particular, we propose (i) a novel dual-PLC ICS architecture with native pairwise comparison which can offer limited yet comparable defence against single-point breaches, (ii) a machine-learning based selection mechanisms which can deliver resilience against non-concurrent attacks under resource constraints, (iii) a scaled up variant of the proposed architecture to counteract concurrent attacks with modest resource implications.
Loading