Detecting Time-Delay Attacks in Industrial Control Systems Through State-Aware Inference

IF 8.9 1区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS IEEE Internet of Things Journal Pub Date : 2024-11-13 DOI:10.1109/JIOT.2024.3496896

Kai Yang;Qiang Li;Ting Li;Haining Wang;Limin Sun

{"title":"Detecting Time-Delay Attacks in Industrial Control Systems Through State-Aware Inference","authors":"Kai Yang;Qiang Li;Ting Li;Haining Wang;Limin Sun","doi":"10.1109/JIOT.2024.3496896","DOIUrl":null,"url":null,"abstract":"The time-delay attacks pose serious security threats to the industrial control systems (ICSs), where ICS infrastructures (e.g., chemical factories) could suffer severe safety consequences. They could bypass current delay detection methods by avoiding triggering packet timeouts. In this article, we reveal that malicious states caused by the time-delay attacks in ICS scenarios can be detected by analyzing ICS programs. We propose detecting a time-delay attack in ICS scenarios by comparing the difference between malicious and benign states, meeting the real-time and noninterference requirements. Specifically, we utilize symbolic execution to analyze ICS programs to generate the benign states of ICS and leverage the key features of time-delay attacks to create the malicious states of ICS, where the states are transferred through the network for remote control and monitoring. We propose a multimodal neural network whose inputs are the malicious states sampled from the ICS network traffic and the time domain features, and the output is whether such a time-delay attack exists. We implement a prototype system and conduct real-world experiments to evaluate the performance of our detection approach. Our experiments cover 102 vulnerable ICS programs and five types of time-delay attacks. The evaluation results show that our approach can detect ICS time-delay attacks in 0.6 s, with 97.2% precision and 98% recall.","PeriodicalId":54347,"journal":{"name":"IEEE Internet of Things Journal","volume":"12 6","pages":"7195-7208"},"PeriodicalIF":8.9000,"publicationDate":"2024-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Internet of Things Journal","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10752572/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The time-delay attacks pose serious security threats to the industrial control systems (ICSs), where ICS infrastructures (e.g., chemical factories) could suffer severe safety consequences. They could bypass current delay detection methods by avoiding triggering packet timeouts. In this article, we reveal that malicious states caused by the time-delay attacks in ICS scenarios can be detected by analyzing ICS programs. We propose detecting a time-delay attack in ICS scenarios by comparing the difference between malicious and benign states, meeting the real-time and noninterference requirements. Specifically, we utilize symbolic execution to analyze ICS programs to generate the benign states of ICS and leverage the key features of time-delay attacks to create the malicious states of ICS, where the states are transferred through the network for remote control and monitoring. We propose a multimodal neural network whose inputs are the malicious states sampled from the ICS network traffic and the time domain features, and the output is whether such a time-delay attack exists. We implement a prototype system and conduct real-world experiments to evaluate the performance of our detection approach. Our experiments cover 102 vulnerable ICS programs and five types of time-delay attacks. The evaluation results show that our approach can detect ICS time-delay attacks in 0.6 s, with 97.2% precision and 98% recall.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

通过状态感知推理检测工业控制系统中的延时攻击

延时攻击对工业控制系统（ICS）构成严重的安全威胁，ICS基础设施（如化工厂）可能遭受严重的安全后果。它们可以通过避免触发数据包超时来绕过当前的延迟检测方法。在本文中，我们揭示了通过分析ICS程序可以检测到ICS场景中由延时攻击引起的恶意状态。我们提出了在ICS场景中通过比较恶意和良性状态的差异来检测时延攻击，以满足实时和不干扰的要求。具体来说，我们利用符号执行来分析ICS程序以生成ICS的良性状态，并利用延时攻击的关键特征来创建ICS的恶意状态，其中状态通过网络传输以进行远程控制和监视。我们提出了一种多模态神经网络，其输入是从ICS网络流量中采样的恶意状态和时域特征，输出是这种时延攻击是否存在。我们实现了一个原型系统，并进行了真实世界的实验来评估我们的检测方法的性能。我们的实验涵盖了102个易受攻击的ICS程序和5种延时攻击。评估结果表明，该方法可以在0.6 s内检测到ICS时延攻击，准确率为97.2%，召回率为98%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

IEEE Internet of Things Journal Computer Science-Information Systems

CiteScore

17.60

自引率

13.20%

发文量

1982

期刊介绍： The EEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.