| Industrial control system(ICS)is widely used in critical infrastructures,and plays a vital role in our daily life.With the development of information technology,the industrial control system is no longer physically secure and has been connected to the Internet,which makes it a popular target for attacks to cause catastrophic physical damage.As one of the most critical components in ICS,programmable logic controller(PLC)controls the actuators directly.A PLC executing a malicious program can cause significant property loss or even casualties.Unfortunately,the existing methods for PLC protection are learnt from the traditional information system,which are not efficiency enough for ICS.Actually,the PLC runs in a simple and cyclic manner,and thus its power consumption depends greatly on the executing instructions.Based on that,we bring up a non-invasive power-based anomaly detection scheme for PLC protection.The basic idea of the anomaly detection scheme is to detect malicious software execution in PLC through analyzing its power consumption.We first collect the power signal while PLC is running,and then select an optimal feature set with sparse coding algorithm.With the feature set,we train a long short-term memory neural network for anomaly detection.The method can detect both known attacks and unknown attacks without training for abnormal samples.To validate the efficiency of our method,we build a testbed for liquid control in our lab,and the experimental results illustrate that the method works well both in normal and abnormal situations.For a trojan attack whose difference from the normal program is bigger than 0.63%,the detection accuracy is above 99.83%.We also design and implement a real-time monitoring system with an STM32 data acquisition card which is developed by ourselves.The advantages of our monitoring system is that it is non-invasive and needs no modifications of the original system,and it can detect unknown attacks effectively without abnormal samples. |
PDF Full Text Request