PRoCeeD: Process State Prediction for CRITIS Using Process Inherent Causal Data and Discrete Event Models

  • Conference paper
  • Critical Information Infrastructures Security (CRITIS 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8985)

Abstract

It is getting harder for operators to secure their Critical Infrastructures (CRITIS). The reasons are the higher complexity and vulnerability of infrastructures, combined with the pressure to be cost-effective, as well as the availability of ever more evolving attack techniques. New and sophisticated Advanced Persistent Threats cannot be detected using common security measures such as signature-based detection, so new detection techniques for CRITIS are necessary. As one part of a comprehensive detection framework for CRITIS we introduce PRoCeeD – Process secuRity by using Causal Data. Our approach combines methodologies from control theory, distributed computing and automata theory. The goal is to create a mathematical model of the nodes, i.e. Programmable Logic Controllers (PLCs) or other control systems. Furthermore, this is done in an automated fashion using existing information such as the source code, input and output values (e.g. network traffic and process variables) and data models. The generated model can be simulated in conjunction with on-line data of a running process to predict probable process states. Combining this prediction with an anomaly detection framework can reveal attacks, misuses or errors that cannot be detected using common security measures.
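To make the idea in the abstract concrete, the following is an added illustration, not the PRoCeeD implementation or any code from the paper: a hand-written discrete event model of a small constructed tank-filling controller (states, guarded transitions and the actuator outputs expected in each state) is stepped cycle by cycle alongside a constructed trace of sensor inputs and observed actuator outputs. Wherever the observed outputs deviate from the model's predicted state, or the inputs are physically inconsistent, the cycle is reported for an anomaly detection stage. The plant, its state names, the trace and the `predict_and_check` function are all assumptions made for this example; the paper derives its models automatically from source code and process data rather than by hand.

```python
"""Discrete-event prediction of PLC process states, checked against observed outputs.

Added illustration (not the PRoCeeD implementation). The plant, its states and
the sample trace below are constructed for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Sensor bits (inputs) and actuator bits (outputs) of a constructed tank process:
# a pump fills the tank, a valve drains it, two level switches report the level.
OUTPUTS = ("pump", "valve")

# Actuator outputs the controller is expected to drive in each state.
STATE_OUTPUTS: Dict[str, Dict[str, bool]] = {
    "IDLE":     {"pump": False, "valve": False},
    "FILLING":  {"pump": True,  "valve": False},
    "DRAINING": {"pump": False, "valve": True},
}


def guard(start=None, level_low=None, level_high=None) -> dict:
    """A guard is a partial assignment of input bits; None means 'don't care'."""
    return {"start": start, "level_low": level_low, "level_high": level_high}


# Transition relation: state -> ordered list of (guard, next state).
# If no guard matches, the state is retained (a PLC scan with no relevant event).
TRANSITIONS: Dict[str, List[Tuple[dict, str]]] = {
    "IDLE":     [(guard(start=True, level_high=False), "FILLING")],
    "FILLING":  [(guard(level_high=True), "DRAINING")],
    "DRAINING": [(guard(level_low=True), "IDLE")],
}


def guard_matches(g: dict, inputs: dict) -> bool:
    return all(v is None or inputs[k] == v for k, v in g.items())


def step(state: str, inputs: dict) -> str:
    """One simulated PLC cycle of the discrete event model."""
    for g, nxt in TRANSITIONS[state]:
        if guard_matches(g, inputs):
            return nxt
    return state


@dataclass
class Anomaly:
    cycle: int
    kind: str    # "actuator": outputs deviate from prediction; "sensor": inputs inconsistent
    state: str   # predicted state at that cycle
    detail: str


def predict_and_check(trace, initial_state: str = "IDLE"):
    """Run the model alongside a trace of (inputs, observed_outputs) per PLC cycle.

    Returns the predicted state sequence and the anomalies found: cycles where the
    observed actuator outputs differ from what the predicted state requires, and
    cycles with a physically impossible sensor reading (both level switches set).
    """
    state = initial_state
    states, anomalies = [], []
    for cycle, (inputs, observed) in enumerate(trace):
        if inputs["level_low"] and inputs["level_high"]:
            # Impossible reading: do not advance the model, report the event.
            anomalies.append(Anomaly(cycle, "sensor", state,
                                     "level_low and level_high both set"))
        else:
            state = step(state, inputs)
        states.append(state)
        expected = STATE_OUTPUTS[state]
        diffs = [o for o in OUTPUTS if observed[o] != expected[o]]
        if diffs:
            anomalies.append(Anomaly(cycle, "actuator", state,
                                     f"{diffs} differ from predicted {expected}"))
    return states, anomalies


def io(start, low, high, pump, valve):
    """Build one trace entry: (sensor inputs, observed actuator outputs)."""
    return ({"start": start, "level_low": low, "level_high": high},
            {"pump": pump, "valve": valve})


# Constructed trace of seven PLC cycles; cycles 4 and 6 are deliberately deviant.
SAMPLE_TRACE = [
    io(False, True,  False, False, False),  # 0: idle, tank empty
    io(True,  True,  False, True,  False),  # 1: start pressed -> filling, pump on
    io(False, False, False, True,  False),  # 2: level between switches, still filling
    io(False, False, True,  False, True),   # 3: high level -> draining, valve open
    io(False, False, False, True,  True),   # 4: pump reported ON while draining (deviation)
    io(False, True,  False, False, False),  # 5: low level -> idle
    io(False, True,  True,  False, False),  # 6: both level switches set (impossible)
]

if __name__ == "__main__":
    predicted, found = predict_and_check(SAMPLE_TRACE)
    print("predicted states:", predicted)
    for a in found:
        print(f"cycle {a.cycle}: {a.kind} anomaly in state {a.state}: {a.detail}")
```

The model only knows the causal relation between inputs, states and outputs; it needs no attack signature, so a pump that is switched on while the model says the process must be draining is reported regardless of how that happened (manipulated command, faulty hardware, or operator error). The sensor check shows the other side of the approach: readings the model cannot explain are surfaced rather than silently driving the prediction.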

Acknowledgment

The authors would like to acknowledge the funding of the research project STEUERUNG by the senate of the state Berlin and the European Regional Development Fund. Furthermore we would like to thank our students Stefanie Teinz, Miklòs Tolnai, Max Klein and Marco Schwabe for their contribution to our research.

The Authors

The authors are working at the department of Industrial Automation Technology, which is an integral part of the Institute for Machine Tools and Factory Management at the School of Mechanical Engineering and Transport Systems of the Technische Universität Berlin.

Author information

Correspondence to Christian Horn.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Horn, C., Krüger, J. (2016). PRoCeeD: Process State Prediction for CRITIS Using Process Inherent Causal Data and Discrete Event Models. In: Panayiotou, C., Ellinas, G., Kyriakides, E., Polycarpou, M. (eds) Critical Information Infrastructures Security. CRITIS 2014. Lecture Notes in Computer Science, vol. 8985. Springer, Cham. https://doi.org/10.1007/978-3-319-31664-2_32

  • DOI: https://doi.org/10.1007/978-3-319-31664-2_32

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31663-5

  • Online ISBN: 978-3-319-31664-2

  • eBook Packages: Computer Science (R0)