DOI: 10.1145/3650400.3650508
Research article

A physical signal-based anomaly detection for industrial terminal

Published: 17 April 2024

Abstract

With the development of industry, industrial control systems are widely used in critical infrastructures. As one of the most significant components, the industrial terminals include Programmable Logic Controllers, Distributed Control Systems, Remote Terminal Units, etc. Attacks against industrial terminals can cause catastrophic damage since they are directly related to business in the field. Unfortunately, traditional protection methods, such as intrusion detection systems and antivirus software, are not applicable to industrial terminals, which are resource-constrained. In this paper, we propose an anomaly detection method for industrial controllers based on physical signals. The basic idea is to detect abnormal execution in an industrial terminal by analyzing its physical signals, including system power consumption and CPU usage. To effectively analyze the physical signals, a Transformer-based neural network is trained on the time series dataset to predict the next normal physical signals. Abnormal execution is detected by comparing the predicted signals with the actual ones. We evaluate the proposed method on a real-world dataset collected from a smart grid terminal, and the results show that the detection accuracy is over 97%.
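The detection step the abstract describes (predict the next normal physical-signal sample, compare it with the measured one, and alarm when the prediction residual is too large) can be shown without the neural network. The following is an added example, not code from the paper: the Transformer is replaced by a per-channel moving-average predictor (an assumption made only to keep the block self-contained), the two channels (power in W, CPU %) are constructed synthetic data, and the per-channel thresholds are calibrated as mean + k·std of the residuals observed on a known-normal segment. The names `normal_sample`, `calibrate`, `detect`, `first_alarm`, `WINDOW`, `K` and `ONSET` are this example's own.

```python
"""Prediction-residual anomaly detection over physical-signal time series.

Added example. The paper trains a Transformer to forecast the next normal
(power, CPU) sample; here a moving average stands in for that model so the
comparison-and-threshold logic can run offline on constructed data.
"""
import math
from statistics import mean, pstdev

WINDOW = 5   # number of past samples the stand-in predictor looks at
K = 3.0      # threshold = mean residual + K * std residual (per channel)


def normal_sample(i):
    """Constructed 'normal' signals for sample i: (power in W, CPU %).

    Small periodic variation around a steady operating point, as a
    resource-constrained terminal running its usual control loop might show.
    """
    return (3.0 + 0.1 * math.sin(0.5 * i), 20.0 + 2.0 * math.sin(0.3 * i))


def predict_next(window):
    """Stand-in predictor (assumption): per-channel moving average.

    The paper uses a Transformer trained only on normal data; any model that
    returns a (power, cpu) forecast could be dropped in here.
    """
    return tuple(mean(channel) for channel in zip(*window))


def residuals(series, window=WINDOW):
    """Per-channel absolute prediction error for every sample after warm-up."""
    out = []
    for i in range(window, len(series)):
        pred = predict_next(series[i - window:i])
        out.append(tuple(abs(p - a) for p, a in zip(pred, series[i])))
    return out


def calibrate(normal_series, k=K, window=WINDOW):
    """Per-channel alarm thresholds learned from residuals on known-normal data."""
    res = residuals(normal_series, window)
    return tuple(mean(ch) + k * pstdev(ch) for ch in zip(*res))


def detect(series, thresholds, window=WINDOW):
    """Return [(sample_index, residual_tuple, is_anomalous), ...].

    A sample is anomalous when any channel's residual exceeds its threshold.
    """
    flags = []
    for offset, res in enumerate(residuals(series, window)):
        anomalous = any(r > t for r, t in zip(res, thresholds))
        flags.append((offset + window, res, anomalous))
    return flags


# Constructed data: 200 normal samples for calibration, then a monitored run
# whose first ONSET samples are normal and whose remaining samples show a
# sustained jump in both power draw and CPU load (constructed anomaly).
CALIBRATION = [normal_sample(i) for i in range(200)]
ONSET = 60
MONITORED = [normal_sample(i) for i in range(ONSET)] + \
            [(5.2, 90.0) for _ in range(ONSET, ONSET + 15)]
THRESHOLDS = calibrate(CALIBRATION)


def first_alarm(series=MONITORED, thresholds=THRESHOLDS):
    """Index of the first sample flagged as anomalous, or None."""
    for i, _, anomalous in detect(series, thresholds):
        if anomalous:
            return i
    return None


if __name__ == "__main__":
    print("thresholds (power W, cpu %):", THRESHOLDS)
    for i, res, anomalous in detect(MONITORED, THRESHOLDS):
        if anomalous:
            print(f"sample {i}: residual={res} ANOMALY")
    print("first alarm at sample", first_alarm())
```

Two properties of this toy are worth noting. Thresholds come only from a normal segment, so the detector never needs labelled attack data, which matches the abstract's training-on-normal design. Unlike the paper's model, the moving-average stand-in adapts to whatever it has just seen, so once the window is full of anomalous samples its residual falls back below threshold; a predictor trained only on normal behaviour keeps forecasting normal values and would keep alarming for the whole abnormal run. The alarm here is therefore at the onset sample.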


Published In

EITCE '23: Proceedings of the 2023 7th International Conference on Electronic Information Technology and Computer Engineering
October 2023, 1809 pages
ISBN: 9798400708305
DOI: 10.1145/3650400

Publisher

Association for Computing Machinery, New York, NY, United States

Qualifiers

• Research-article
• Research
• Refereed limited

Conference

EITCE 2023

Acceptance Rates

Overall Acceptance Rate 508 of 972 submissions, 52%