
Intrusion Detection in PLC-Based Industrial Control Systems Using Formal Verification Approach in Conjunction with Graphs

Published in: Journal of Hardware and Systems Security

Abstract

Vulnerability in industrial control systems (ICS) has increased radically in the past few decades. This can be attributed to factors including the accessibility of ICS over the Internet, the development of sophisticated attack methods, and advances in the Internet of Things (IoT). The damage that attackers can cause on an insecure ICS could cost hundreds of human lives and severely harm a state economy. Therefore, having such systems everywhere around us makes security nothing less than a priority. Programmable logic controllers (PLCs) are the central devices of ICS and also a target of attacks that aim at gaining access and privilege to the control logic of the controller. A successful alteration of, or intrusion into, the control logic by attackers can have a catastrophic effect on the plant. In this paper, a control logic intrusion detection methodology for PLC-based control systems is proposed. The methodology implements the detection process by comparing a potentially intruded PLC program with a trusted version of the program. To achieve this goal, a scheme is proposed that operates in a sequence of stages: it first translates the PLC program to formal models (based on previous research work), then translates the formal models to graphs, and finally compares the trusted system model graph with the potentially intruded system graph. In the last stage of the methodology, graph discrepancy analysis is performed in order to identify any intrusions. For demonstration purposes, a water level control system is presented as a case study, which is modeled using the UPPAAL toolbox. We have verified our methodology by developing in-house software. Our test results prove the concept that intrusions appear as discrepancies in the graphs generated from the UPPAAL-based formal models, and that these discrepancies can be detected using the proposed graph comparison approach.
The premise of our study is that logic intrusions in PLC-based ICS can be identified by the changes they introduce in the PLC code, and that the proposed methodology can successfully detect those changes by observing the code's graph model.
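The last two stages of the scheme above (formal model to labelled graph, then trusted-versus-suspect graph comparison with discrepancy analysis) as an added, self-contained sketch. This is not the paper's in-house software; the water-level automaton, its location names, guards and the tampered copy are constructed here for illustration only.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Edge:
    src: str      # source location of the automaton
    dst: str      # target location
    guard: str    # transition guard, as written in the model
    update: str   # variable updates performed on the transition

def build_graph(locations, transitions):
    """Represent an automaton as (set of nodes, set of labelled edges)."""
    return set(locations), {Edge(*t) for t in transitions}

def compare_graphs(trusted, suspect):
    """Report discrepancies between a trusted model graph and a suspect one.
    Nodes match by location name, edges by (src, dst); an edge in both graphs
    with a different guard or update is 'modified'. Assumes at most one
    transition per ordered pair of locations (a limitation of this sketch)."""
    t_nodes, t_edges = trusted
    s_nodes, s_edges = suspect
    t_idx = {(e.src, e.dst): e for e in t_edges}
    s_idx = {(e.src, e.dst): e for e in s_edges}
    report = {"missing_nodes": sorted(t_nodes - s_nodes),
              "extra_nodes": sorted(s_nodes - t_nodes),
              "missing_edges": [], "extra_edges": [], "modified_edges": []}
    for key in sorted(set(t_idx) | set(s_idx)):
        if key not in s_idx:
            report["missing_edges"].append(key)
        elif key not in t_idx:
            report["extra_edges"].append(key)
        elif t_idx[key] != s_idx[key]:      # same edge, different label
            report["modified_edges"].append(
                (key, (t_idx[key].guard, t_idx[key].update),
                      (s_idx[key].guard, s_idx[key].update)))
    return report

# Constructed water-level controller automaton (hypothetical, not the paper's).
LOCATIONS = ["Idle", "Filling", "Alarm"]
TRUSTED = build_graph(LOCATIONS, [
    ("Idle", "Filling", "level < LOW", "pump := 1"),
    ("Filling", "Idle", "level >= HIGH", "pump := 0"),
    ("Filling", "Alarm", "level >= MAX", "pump := 0, alarm := 1")])
# Tampered copy: overflow guard raised and an alarm-reset edge added.
TAMPERED = build_graph(LOCATIONS, [
    ("Idle", "Filling", "level < LOW", "pump := 1"),
    ("Filling", "Idle", "level >= HIGH", "pump := 0"),
    ("Filling", "Alarm", "level >= MAX + 50", "pump := 0, alarm := 1"),
    ("Alarm", "Filling", "true", "alarm := 0")])
```

Any non-empty entry in the report is a discrepancy to investigate; comparing the trusted graph with itself yields an empty report.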





Correspondence to Muluken Hailesellasie.


Cite this article

Hailesellasie, M., Hasan, S.R. Intrusion Detection in PLC-Based Industrial Control Systems Using Formal Verification Approach in Conjunction with Graphs. J Hardw Syst Secur 2, 1–14 (2018). https://doi.org/10.1007/s41635-017-0017-y
