Efficient Mining of Temporal Safety Properties for Intrusion Detection in Industrial Control Systems

Oualid Koucham 1 Stéphane Mocanu 2, 3 Guillaume Hiet 4 Jean-Marc Thiriet 5 Frédéric Majorczyk 6
1 GIPSA-SYSCO - SYSCO
GIPSA-DA - Département Automatique
3 CTRL-A - Control techniques for Autonomic, adaptive and Reconfigurable Computing systems
Inria Grenoble - Rhône-Alpes, LIG - Laboratoire d'Informatique de Grenoble
4 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique , IRISA_D1 - SYSTÈMES LARGE ÉCHELLE
5 GIPSA-SAIGA - SAIGA
GIPSA-DA - Département Automatique, GIPSA-DIS - Département Images et Signal
Abstract : Sophisticated process-aware attacks targeting industrial control systems require adequate detection measures taking into account the physical process. This paper proposes an approach relying on automatically mined process specifications to detect attacks on sequential control systems. The specifications are synthesized as monitors that read the execution traces and report violations to the operator. In contrast to other approaches, a central aspect of our method consists in reducing the number of mined specifications suffering from redundancies. We evaluate our approach on a hardware-in-the-loop testbed with a complex physical process model and discuss our approach's mining efficiency and attack detection capabilities.
Type de document :
Communication dans un congrès
SAFEPROCESS 2018 - 10th IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes, Aug 2018, Warsaw, Poland. pp.1-8
Liste complète des métadonnées

Littérature citée [4 références]  Voir  Masquer  Télécharger

https://hal.archives-ouvertes.fr/hal-01877109
Contributeur : Stéphane Mocanu <>
Soumis le : vendredi 21 septembre 2018 - 10:56:20
Dernière modification le : mardi 20 novembre 2018 - 11:59:19

Fichier

safeprocess2018_v7.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : hal-01877109, version 1

Citation

Oualid Koucham, Stéphane Mocanu, Guillaume Hiet, Jean-Marc Thiriet, Frédéric Majorczyk. Efficient Mining of Temporal Safety Properties for Intrusion Detection in Industrial Control Systems. SAFEPROCESS 2018 - 10th IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes, Aug 2018, Warsaw, Poland. pp.1-8. 〈hal-01877109〉

Partager

Métriques

Consultations de la notice

365

Téléchargements de fichiers

89