Abstract: In this work, a control/command analysis-based intrusion prevention system (IPS) is proposed. This IPS will examine incoming command packets and programs that are destined for a PLC interacting with a physical process. The IPS consists of a module that examines the packets that would alter settings or actuators and incorporates a model of the physical process to aid in predicting the effect of processing the command and specifically whether a safety violation would occur for critical variables in the physical system. Essentially, a simulation of both the model of the physical system and a process running a copy of the ladder logic of the real PLC is performed in the module. Also, uploaded programs will be evaluated to determine whether the programs would cause a safety violation. Previous research has studied making predictions based on the payloads of packets where cumbersome specifications must be developed by a human expert for the model of the physical system and safety conditions. This work seeks to eliminate or minimize the number of specifications to be developed by a human through system identification and machine learning to allow the IPS to be more generic and deployable. Another contribution of this work is a broader and more generic understanding of the threat model that causes unsafe or inefficient consequences. The accuracy in prediction and latency in analysis are metrics used when evaluating the results in this work.
External IDs: dblp:conf/ncs/WerthM19