Needle in a Haystack: Detecting Subtle Malicious Edits to Additive Manufacturing G-code Files

TL;DR

This paper investigates the challenge of detecting subtle malicious modifications in 3D printing G-code files, especially without access to original models, using a case study with statistical and machine learning methods.

Contribution

It introduces a case study framework for detecting subtle G-code edits in digital manufacturing, demonstrating the effectiveness of statistical and ML techniques in identifying malicious changes.

Findings

Blue-team detected all compromises in the first dataset

50 out of 60 compromises detected in the second dataset

Subtle G-code modifications can be identified using ML methods

Abstract

Increasing usage of Digital Manufacturing (DM) in safety-critical domains is increasing attention on the cybersecurity of the manufacturing process, as malicious third parties might aim to introduce defects in digital designs. In general, the DM process involves creating a digital object (as CAD files) before using a slicer program to convert the models into printing instructions (e.g. g-code) suitable for the target printer. As the g-code is an intermediate machine format, malicious edits may be difficult to detect, especially when the golden (original) models are not available to the manufacturer. In this work we aim to quantify this hypothesis through a red-team/blue-team case study, whereby the red-team aims to introduce subtle defects that would impact the properties (strengths) of the 3D printed parts, and the blue-team aims to detect these modifications in the absence of the golden models. The case study had two sets of models, the first with 180 designs (with 2 compromised using 2 methods) and the second with 4320 designs (with 60 compromised using 6 methods). Using statistical modelling and machine learning (ML), the blue-team was able to detect all the compromises in the first set of data, and 50 of the compromises in the second.