skip to main content
10.1145/3440943.3444742acmconferencesArticle/Chapter ViewAbstractPublication PagesiceaConference Proceedingsconference-collections
research-article

Detection and Analysis Technique for Manipulation Attacks on PLC Control Logic

Published: 27 September 2021 Publication History

Abstract

In recent years, 1 a large number of studies have been conducted on cybersecurity for Programmable Logic Controllers (PLCs) to cope with cyberattacks on Industrial Control Systems(ICS). However, few studies have been conducted on ensuring cybersafety for control logics running inside PLCs. In this study, a technique for detecting an attack on PLC control logic change was proposed by analyzing the network protocol data and project file structure. Based on the analysis results for the proposed technique, a tool was implemented to detect an manipulation attack on control logic, and whether such attack was detected or not was verified through experiments.

References

[1]
Dabidson. C. C, Andel. T. R, Yampolskiy. M, McDonald. J. T, and Gilsson. W. 2018. On SCADA PLC and Fieldbus Cybersecurity. Proceedings of the 13th International Conference on Cyber Warfare and Security, 140--148.
[2]
Ahmed, I., Obermeier, S., Naedele, M., Richard III, G.G. 2012. SCADA systems: challenges for forensic investigators. Computer 45, 12(Dec. 2012), 44--51.
[3]
Ahmed, I., Obermeier, S., Sudhakaran, S., Roussev, V. 2017. Programmable logic controller forensics. IEEE Secur 15, 6(Nov. 2017), 18--24.
[4]
Khan.R, Maynard. P, McLaughlin. K, Laverty. D, Sezer. S. 2016. Threat Analysis of BlackEnergy Malware for synchrophasor Based Real-time Control and Monitoring in Smart Grid. Proceedings 4th international symposium for ICS&SCADA Cyber Security Research, 53--63.
[5]
Falliere. N, Murchu. L. O, Chien. E. 2010. W32.Stuxnet Dossier. Symantec Security Response, (Nov. 2010), 1--64.
[6]
IEC. 2003. International Standard IEC 61131-3: programmable logic controllers, part3: programming languages. IEC, 1--226.
[7]
Cheng. L, Li. D, Ma. L. 2017. The spear to break the security wall of S7commplus. Proceedings Black Hat USA, 1--12.
[8]
Spenneberg. R, Bruggemann. M, Schwartke. H. 2016. PLC-blast: a worm living solely in the PLC. Proceedings Black Hat Asia, 1--16.
[9]
Naman. G, Anand. A, Nils. O. T. 2017. On Ladder Logic Bombs in Industrial Control Systems. Proceeding of International Workshop on the Security of Industrial Control Systems and CyberPhysical Systems. 110--126.
[10]
Yau. K, Chow. K. P. 2015. PLC forensics based on control program logic change detection. Journal of Digital Forensics, Security and Law 10, 4(2015), 59--68.
[11]
Lee. J. C, Choi. H. P, Kim. J. H, Kim. J. W, Jung. D. U, Shin. J. H, and Seo. J. T. 2020. Identifying and Verifying Vulnerabilities through PLC Network Protocol and Memory Structure Analysis. Computers, Materials&Continua 65, 1(July. 2020), 53--67.

Cited By

View all
  • (2023)PLCPrint: Fingerprinting Memory Attacks in Programmable Logic ControllersIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.327768818(3376-3387)Online publication date: 1-Jan-2023
  • (2023)Attack Vectors Against ICS: A Survey2023 Congress in Computer Science, Computer Engineering, & Applied Computing (CSCE)10.1109/CSCE60160.2023.00401(2494-2501)Online publication date: 24-Jul-2023

Index Terms

  1. Detection and Analysis Technique for Manipulation Attacks on PLC Control Logic

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    ACM ICEA '20: Proceedings of the 2020 ACM International Conference on Intelligent Computing and its Emerging Applications
    December 2020
    219 pages
    ISBN:9781450383042
    DOI:10.1145/3440943
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 27 September 2021

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. Cybersecurity
    2. Industrial control system
    3. Logic detector
    4. Programmable logic controller

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Funding Sources

    • Institute for Information & communications Technology Planning & Evaluation(IITP) :
    • National Research Foundation of Korea (NRF) :

    Conference

    ACM ICEA '20
    Sponsor:

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)20
    • Downloads (Last 6 weeks)1
    Reflects downloads up to 15 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2023)PLCPrint: Fingerprinting Memory Attacks in Programmable Logic ControllersIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.327768818(3376-3387)Online publication date: 1-Jan-2023
    • (2023)Attack Vectors Against ICS: A Survey2023 Congress in Computer Science, Computer Engineering, & Applied Computing (CSCE)10.1109/CSCE60160.2023.00401(2494-2501)Online publication date: 24-Jul-2023

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media