Abstract
This paper presents a novel approach to flexibly control the depth of monitoring applied to CPS-enabled safety-critical infrastructures, to timely detect deviations from the desired operational status, and discusses how the application of anomaly detection (AD) techniques can be further leveraged to automatically adapt the security controls of the infrastructure itself.
Zusammenfassung
Dieser Beitrag stellt einen neuartigen Ansatz zur flexiblen Steuerung des Grades der Überwachung in CPS-fähigen sicherheitskritischen Infrastrukturen vor, um Abweichungen vom gewünschten Betriebszustand rechtzeitig zu erkennen, und diskutiert, wie die Anwendung von Anomalie-Erkennungstechniken genutzt werden kann, um die Sicherheitskontrollen der Infrastruktur automatisch anzupassen.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
Open Web Application Security Project (OWASP): The free and open software security community http://www.owasp.org/.
As further described in the following, in our work we adopted our log-based white-listing anomaly detection approach named AECID [17].
References
Arcaini, P., Riccobene, E., Scandurra, P. (2015): Modeling and analyzing MAPE-K feedback loops for self-adaptation. In Proceedings of the 10th international symposium on software engineering for adaptive and self-managing systems (pp. 13–23). New York: IEEE Press.
Chandola, V., Banerjee, A., Kumar, V. (2009): Anomaly detection: a survey. ACM Comput. Surv., 41(3), 15.
Hankel, M., Rexroth, B. (2015): The reference architectural model Industrie 4.0 (RAMI 4.0). Frankfurt a. M.: ZVEI.
Industrial Internet Consortium (2016): Industrial internet of things, vol. G4: security framework. Needham: Industrial Internet Consortium.
Kephart, J. O., Chess, D. M. (2003): The vision of autonomic computing. Computer, 36(1), 41–50.
Lasi, H., Fettke, P., Kemper, H.-G., Feld, T., Hoffmann, M. (2014): Industry 4.0. Bus. Inf. Syst. Eng., 6(4), 239.
Liebi, M. (2016): Industry 4.0 and the impact on cybersecurity. Bern: United Security Providers.
Ma, Z., Hudic, A., Shaaban, A., Plosz, S. (2017): Security viewpoint in a reference architecture model for cyber-physical production systems. In 2017 IEEE European symposium on security and privacy workshops, EuroS&PW (pp. 153–159). New York: IEEE Press.
Muccini, H., Sharaf, M., Weyns, D. (2016): Self-adaptation for cyber physical systems: a systematic literature review. In Proceedings of the 11th international symposium on software engineering for adaptive and self-managing systems (pp. 75–81). New York: ACM.
Musil, A., Musil, J., Weyns, D., Bures, T., Muccini, H., Sharaf, M. (2017): Patterns for self-adaptation in cyber-physical systems. In Multi-disciplinary engineering for cyber-physical production systems (pp. 331–368). Berlin: Springer.
Om, H., Kundu, A. (2012): A hybrid system for reducing the false alarm rate of anomaly intrusion detection system. In 2012 1st international conference on recent advances in information technology. RAIT (pp. 131–136). New York: IEEE Press.
Pereira, T., Barreto, L., Amaral, A. (2017): Network and information security challenges within Industry 4.0 paradigm. Proc. Manuf., 13, 1253–1260.
Settanni, G., Skopik, F., Karaj, A., Wurzenberger, M., Fiedler, R. (2018): Protecting cyber physical production systems using anomaly detection to enable self-adaptation. In 1st IEEE international conference on industrial cyber physical systems, ICPS 2018 (pp. 173–180). New York: IEEE Press.
Skopik, F. (2017): Collaborative cyber threat intelligence: detecting and responding to advanced cyber attacks at the national level. Boca Raton: CRC Press.
Tauber, M., Kirby, G., Dearle, A. (2010): Self-adaptation applied to peer-set maintenance in chord via a generic autonomic management framework. In 2010 fourth IEEE international conference on self-adaptive and self-organizing systems workshop, SASOW (pp. 9–16). New York: IEEE Press.
Thonnard, O., Bilge, L., OGorman, G., Kiernan, S., Lee, M. (2012): Industrial espionage and targeted attacks: understanding the characteristics of an escalating threat. In International workshop on recent advances in intrusion detection (pp. 64–85). Berlin: Springer.
Wurzenberger, M., Skopik, F., Settanni, G., Fiedler, R. (2018): AECID: a self-learning anomaly detection approach based on light-weight log parser models. In 4th international conference on information systems security and privacy, ICISSP 2018, January 22–24, 2018. Funchal, Madeira, Portugal. Setubal: INSTICC.
Acknowledgements
This work was partly funded by the Austrian FFG research project synERGY (855457) and the European ECSEL project SEMI 4.0 (692466).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Settanni, G., Skopik, F., Wurzenberger, M. et al. Countering targeted cyber-physical attacks using anomaly detection in self-adaptive Industry 4.0 Systems. Elektrotech. Inftech. 135, 278–285 (2018). https://doi.org/10.1007/s00502-018-0615-6
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00502-018-0615-6