Abstract
At present, the security of Programmable Logic Controller (PLC) codes mainly depends on the detection of code defects. However, there is no detection of malicious behaviors that violates the safety requirements. In this paper, we propose an approach to detect the malicious behaviors of PLC programs based on state verification. In particular, avoid state space explosion by merging the same output state of the same scan cycle and removing the output states that have been analyzed in previous scan cycles. For timer, we deduce all output states of a timer based on the analysis of part output state transition relationships. Moreover, the sequence of input vector that violates the safety requirement could be obtained when malicious behaviors are found. Based on experimental results, our method takes less than 5 min for the worst case, it can be proved that our method can detect PLC malicious behaviors effectively and accurately.
This work is partially supported by the National Key R&D Program of China (2016YFB0800203).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Mclaughlin, S.: On dynamic malware payloads aimed at programmable logic controllers. In: Usenix Conference on Hot Topics in Security, p. 10 (2011)
Klick, J., Lau, S., Marzin, D., Malchow, J., Roth, V.: Internet-Facing PLCs - A New Back Orifice. Blackhat (2015)
Spenneberg, R., Brüggemann, M., Schwartke, H.: PLC-Blaster: A Worm Living Solely in the PLC. Blackhat (2016)
Valentine, S.E.: PLC code vulnerabilities through SCADA systems. University of South Carolina (2013)
Wan, H., Chen, G., Song, X., et al.: Formalization and verification of PLC timers in Coq, vol. 1, pp. 315–323 (2009)
Ould Biha, S.: A formal semantics of PLC programs in Coq. In: IEEE Computer Software and Applications Conference, pp. 118–127. IEEE Computer Society, (2011)
Darvas, D., Adiego, B.F., Viñuela, E.B., et al.: Transforming PLC programs into formal models for verification purposes (2013)
Darvas, D., Fernández Adiego, B., Vörös, A., Bartha, T., Blanco Viñuela, E., González Suárez, V.M.: Formal verification of complex properties on PLC programs. In: Ábrahám, E., Palamidessi, C. (eds.) FORTE 2014. LNCS, vol. 8461, pp. 284–299. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43613-4_18
He, N., Oke, V., Allen, G.: Model-based verification of PLC programs using Simulink design. In: IEEE International Conference on Electro Information Technology (2016)
Mclaughlin, S.: A trusted safety verifier for process controller code. In: Network and Distributed System Security Symposium (2014)
Chang, T., Wei, Q., Geng, Y.: Constructing PLC binary program model for detection purposes. In: ISCTT (2017)
Govil, N., Agrawal, A., Tippenhauer, N.O.: On ladder logic bombs in industrial control systems. In: Katsikas, S.K., et al. (eds.) CyberICPS/SECPRE -2017. LNCS, vol. 10683, pp. 110–126. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-72817-9_8
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Chang, T., Wei, Q., Liu, W., Geng, Y. (2018). Detecting PLC Program Malicious Behaviors Based on State Verification. In: Sun, X., Pan, Z., Bertino, E. (eds) Cloud Computing and Security. ICCCS 2018. Lecture Notes in Computer Science(), vol 11067. Springer, Cham. https://doi.org/10.1007/978-3-030-00018-9_22
Download citation
DOI: https://doi.org/10.1007/978-3-030-00018-9_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00017-2
Online ISBN: 978-3-030-00018-9
eBook Packages: Computer ScienceComputer Science (R0)