Abstract
It is getting harder for operators to secure their Critical Infrastructures (CRITIS). The reasons are the higher complexity and vulnerability of infrastructures in combination with the pressure to be cost-effective, as well as the availability of ever more evolving attack techniques. New and sophisticated Advanced Persistent Threats cannot be detected using common security measures like signature-based detection, so new detection techniques for CRITIS are necessary. As one part of a comprehensive detection framework for CRITIS we introduce PRoCeeD – Process secuRity by using Causal Data. Our approach combines methodologies from control theory, distributed computing and automata theory. The goal is to create a mathematical model of the nodes, i.e. Programmable Logic Controllers or other control systems. Furthermore, this is done in an automated fashion using existing information such as the source code, input and output values like network traffic and process variables, and data models. The generated model can be simulated in conjunction with on-line data of a running process to predict probable process states. Combining this prediction with an anomaly detection framework can reveal attacks, misuses or errors that cannot be detected using common security measures.
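The prediction-plus-anomaly-detection idea from the abstract, as an added example that is not the paper's code: a hypothetical hysteresis tank controller is written down as a discrete event model, simulated in lockstep with a constructed trace of process variables and controller outputs, and any step where the observed output differs from the predicted state, or the process variable moves against what the previous output causally implies, is reported. The controller logic, the constants LOW, HIGH, RATE and TOLERANCE, and the trace are all assumptions.

```python
from dataclasses import dataclass
from typing import List

# Hypothetical controller logic (not from the paper): the pump starts when the
# tank level drops to LOW and stops when it reaches HIGH; in between it holds.
LOW, HIGH = 20.0, 80.0
RATE = 5.0       # assumed level change per cycle while filling (+) or draining (-)
TOLERANCE = 1.0  # allowed deviation of the process variable from its expected value

@dataclass
class Sample:
    cycle: int
    level: float         # process variable reported by the level sensor
    pump_observed: bool  # controller output as read back from the network

def predict_pump(prev_pump: bool, level: float) -> bool:
    """Discrete event model of the PLC: next output from previous output and input."""
    if level <= LOW:
        return True
    if level >= HIGH:
        return False
    return prev_pump  # inside the hysteresis band the state is held

def detect(trace: List[Sample]) -> List[str]:
    """One-step prediction in lockstep with observed data; report causal mismatches."""
    alerts = []
    for prev, cur in zip(trace, trace[1:]):
        # Check 1: the observed output must equal what the model predicts from
        # the previous cycle's output and input.
        predicted = predict_pump(prev.pump_observed, prev.level)
        if cur.pump_observed != predicted:
            alerts.append(f"cycle {cur.cycle}: pump={cur.pump_observed}, "
                          f"model predicts {predicted}")
        # Check 2: the process variable must move the way the previous output implies.
        expected = prev.level + (RATE if prev.pump_observed else -RATE)
        if abs(cur.level - expected) > TOLERANCE:
            alerts.append(f"cycle {cur.cycle}: level {cur.level} inconsistent with "
                          f"pump={prev.pump_observed} (expected about {expected})")
    return alerts

# Constructed trace: normal filling from 10 to 80, then the pump stays on past
# HIGH (output deviates from the model), then the level rises while the pump
# is off (implausible sensor value).
NORMAL = [Sample(c, 10.0 + RATE * c, True) for c in range(15)]
TRACE = NORMAL + [Sample(15, 85.0, True), Sample(16, 90.0, False), Sample(17, 95.0, False)]

if __name__ == "__main__":
    for a in detect(TRACE):
        print(a)
```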
Acknowledgment
The authors would like to acknowledge the funding of the research project STEUERUNG by the senate of the state Berlin and the European Regional Development Fund. Furthermore, we would like to thank our students Stefanie Teinz, Miklòs Tolnai, Max Klein and Marco Schwabe for their contribution to our research.
The Authors
The authors are working at the department of Industrial Automation Technology, which is an integral part of the Institute for Machine Tools and Factory Management at the School of Mechanical Engineering and Transport Systems of the Technische Universität Berlin.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Horn, C., Krüger, J. (2016). PRoCeeD: Process State Prediction for CRITIS Using Process Inherent Causal Data and Discrete Event Models. In: Panayiotou, C., Ellinas, G., Kyriakides, E., Polycarpou, M. (eds) Critical Information Infrastructures Security. CRITIS 2014. Lecture Notes in Computer Science(), vol 8985. Springer, Cham. https://doi.org/10.1007/978-3-319-31664-2_32
DOI: https://doi.org/10.1007/978-3-319-31664-2_32
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31663-5
Online ISBN: 978-3-319-31664-2
eBook Packages: Computer Science, Computer Science (R0)