Physical Process Monitoring for Intrusion Detection in Industrial Control Systems
Abstract
Industrial Control Systems (ICS) of the past were shielded from network intrusions by an “air gap” separating the system from the open internet. However, this protection is no longer universally present in modern networked ICS. With the development and execution of new malware targeting Programmable Logic Controllers (PLCs) in ICS, there is an increasingly urgent need for new techniques for discovering and identifying industrial and manufacturing behavior indicative of a malicious intrusion. We aim to develop a modular, process-isolated, sensor-based addition to current Intrusion Detection Systems (IDS). We plan to design and implement an “add-on” IDS that monitors the physical processes controlled by the PLC. Our proposed system will be isolated from the potentially compromised PLC and will monitor the behavioral patterns of physical processes by processing data collected from sensors that are isolated from those controlled by the PLC, in order to detect the potential presence of anomalies.