{"title":"Controller-aware false data injection against programmable logic controllers","authors":"Stephen E. McLaughlin, S. Zonouz","doi":"10.1109/SmartGridComm.2014.7007754","DOIUrl":null,"url":null,"abstract":"Control systems rely on accurate sensor measurements to safely regulate physical processes. In False Data Injection (FDI) attacks, adversaries inject forged sensor measurements into a control system in hopes of misguiding control algorithms into taking dangerous actions. Traditional FDI attacks mostly require adversaries to know the full system topology, i.e., hundreds or thousands of lines and buses, while having unpredictable consequences. In this paper, we present a new class of FDI attacks directly against individual Programmable Logic Controllers (PLCs), which are ubiquitous in power generation and distribution. Our attack allows the adversary to have only partial information about the victim subsystem, and produces a predictable malicious result. Our attack tool analyzes an I/O trace of the compromised PLCs to produce a set of inputs to achieve the desired PLC outputs, i.e., the system behavior. It proceeds in two steps. First, our tool constructs a model of the PLC's internal logic from the I/O traces. Second, it searches for a set of inputs that cause the model to calculate the desired malicious behavior. We evaluate our tool against a set of representative control systems and show that it is a practical threat against insecure sensor configurations.","PeriodicalId":6499,"journal":{"name":"2014 IEEE International Conference on Smart Grid Communications (SmartGridComm)","volume":"47 1","pages":"848-853"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE International Conference on Smart Grid Communications (SmartGridComm)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SmartGridComm.2014.7007754","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 20
Abstract
Control systems rely on accurate sensor measurements to safely regulate physical processes. In False Data Injection (FDI) attacks, adversaries inject forged sensor measurements into a control system in hopes of misguiding control algorithms into taking dangerous actions. Traditional FDI attacks mostly require adversaries to know the full system topology, i.e., hundreds or thousands of lines and buses, while having unpredictable consequences. In this paper, we present a new class of FDI attacks directly against individual Programmable Logic Controllers (PLCs), which are ubiquitous in power generation and distribution. Our attack allows the adversary to have only partial information about the victim subsystem, and produces a predictable malicious result. Our attack tool analyzes an I/O trace of the compromised PLCs to produce a set of inputs to achieve the desired PLC outputs, i.e., the system behavior. It proceeds in two steps. First, our tool constructs a model of the PLC's internal logic from the I/O traces. Second, it searches for a set of inputs that cause the model to calculate the desired malicious behavior. We evaluate our tool against a set of representative control systems and show that it is a practical threat against insecure sensor configurations.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
