Grounds for Suspicion: Physics-based Early Warnings for Stealthy Attacks on Industrial Control Systems
Mazen Azzam, Liliana Pasquale, Gregory Provan, Bashar Nuseibeh

TL;DR
This paper introduces a physics-based framework for providing early warnings of stealthy attacks on industrial control systems by assessing attack feasibility and proximity to unsafe states, validated on a chemical process case study.
Contribution
It proposes a novel suspicion metric based on physical process behavior, formulated as a real-time reachability problem, to give early warnings before damage occurs.
Findings
Early warnings can be issued before physical damage occurs.
The suspicion metric is effective in real-time detection.
Framework validated on Tennessee-Eastman process case study.
Abstract
Stealthy attacks on Industrial Control Systems can cause significant damage while evading detection. In this paper, instead of focusing on the detection of stealthy attacks, we aim to provide early warnings to operators, in order to avoid physical damage and preserve in advance data that may serve as evidence during an investigation. We propose a framework to provide grounds for suspicion, i.e. preliminary indicators reflecting the likelihood of success of a stealthy attack. We propose two grounds for suspicion based on the behaviour of the physical process: (i) feasibility of a stealthy attack, and (ii) proximity to unsafe operating regions. We propose a metric to measure grounds for suspicion in real-time and provide soundness principles to ensure that such a metric is consistent with the grounds for suspicion. We apply our framework to Linear Time-Invariant (LTI) systems and…
