Efficient Mining of Temporal Safety Properties for Intrusion Detection in Industrial Control Systems

Oualid Koucham 1 Stéphane Mocanu 2, 3 Guillaume Hiet 4 Jean-Marc Thiriet 5 Frédéric Majorczyk 6
1 GIPSA-SYSCO - SYSCO
GIPSA-DA - Département Automatique
3 CTRL-A - Control techniques for Autonomic, adaptive and Reconfigurable Computing systems
Inria Grenoble - Rhône-Alpes, LIG - Laboratoire d'Informatique de Grenoble
4 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique , IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
5 GIPSA-SAIGA - SAIGA
GIPSA-DA - Département Automatique, GIPSA-DIS - Département Images et Signal
Abstract : Sophisticated process-aware attacks targeting industrial control systems require adequate detection measures taking into account the physical process. This paper proposes an approach relying on automatically mined process specifications to detect attacks on sequential control systems. The specifications are synthesized as monitors that read the execution traces and report violations to the operator. In contrast to other approaches, a central aspect of our method consists in reducing the number of mined specifications suffering from redundancies. We evaluate our approach on a hardware-in-the-loop testbed with a complex physical process model and discuss our approach's mining efficiency and attack detection capabilities.
Document type :
Conference papers
Complete list of metadatas

Cited literature [4 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-01877109
Contributor : Stéphane Mocanu <>
Submitted on : Friday, September 21, 2018 - 10:56:20 AM
Last modification on : Friday, September 13, 2019 - 9:51:33 AM
Long-term archiving on : Saturday, December 22, 2018 - 3:07:33 PM

File

safeprocess2018_v7.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01877109, version 1

Citation

Oualid Koucham, Stéphane Mocanu, Guillaume Hiet, Jean-Marc Thiriet, Frédéric Majorczyk. Efficient Mining of Temporal Safety Properties for Intrusion Detection in Industrial Control Systems. 10th IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes (SAFEPROCESS'18), Aug 2018, Warsaw, Poland. pp.1-8. ⟨hal-01877109⟩

Share

Metrics

Record views

1149

Files downloads

315