Development of a Rapid Response framework for ICS to distinguish between Failures and Cyber-attacks through Petri-Net scenario modelling

While countermeasures against cyber-attacks on industrial control systems (ICS) are being called for, in this research, we developed a rapid response model to distinguish between failures and attacks from the occurrence pattern of anomalous alarm sequences, which is faster and more accurate than the...

Full description

Saved in:
Bibliographic Details
Published in2022 61st Annual Conference of the Society of Instrument and Control Engineers (SICE) pp. 205 - 209
Main Authors Kapadia, Nimit, Kai, Satoshi, Toba, Minako
Format Conference Proceeding
LanguageEnglish
Published The Society of Instrument and Control Engineers - SICE 06.09.2022
Subjects
Cyber-attack detection
Cybersecurity
Distinguishing of failures and attacks
Distinguishing technology
Firewalls (computing)
Industrial control
Instruments
Integrated circuits
Manuals
Real-time systems
Safety & Security
Visualization
Online AccessGet full text

Cover

More Information
Summary:While countermeasures against cyber-attacks on industrial control systems (ICS) are being called for, in this research, we developed a rapid response model to distinguish between failures and attacks from the occurrence pattern of anomalous alarm sequences, which is faster and more accurate than the conventional security monitoring approach. It is based on the idea that the system status due to a device abnormality or operation error and the system status that has been subjected to a cyber-attack can be separated by looking at the alarm sequence. We have examined the basic concept and developed a basic specification model for attack and failure scenarios using Petri-nets. When the model was tested on simulated attack and failure data, it was found to provide state-of-the-art performance accuracy of 88%.
DOI:10.23919/SICE56594.2022.9905864