Title (eng): Anomaly-Based Attack Detection in Cyber-Physical Systems
Kreimel, P. (Philipp)
St. Pölten, Studiengang Information Security, Masterarbeit, 2016
Historically, the industrial world was dominated by proprietary systems and protocols, as well as physical separation. In recent years those systems started to evolve into globally connected systems, i.e. cyber-physical systems (CPSs). However, the increasing integration of IP-based technology and standard computing devices into operational environments opened new points of exposure and increased the possibility of cyber security vulnerabilities. Thus, the threat of cyber-attacks on cyber-physical systems has vastly increased with today’s interconnected systems. Furthermore, traditional intrusion defense strategies for IT systems are often not applicable in operational environments. Thus, new approaches, specific for CPSs, are needed. This thesis presents an anomaly-based attack detection approach, which uses normal system behavior as training data to define a behavior model and then compares the current system activity with this model in order to detect outliers in the data. To ensure the practical applicability of this approach, an industrial CPS scenario, a conveyor belt system, was built using industrial hardware. After the model of normal behavior of the conveyor belt system was constructed by machine learning, various cyber-attacks were conducted against the control system. The results achieved through the anomaly detection approach were promising. Cyber-attacks that modified process values were detected with high accuracy. Furthermore, several passive attacks, such as Man-in-the-Middle attacks, could also be identified by anomalous data.
Object languages: English
© All rights reserved
Classification: Cyber-physisches System; Cyberattacke