Side Channel Anomaly Detection in Industrial Control Systems Using Physical Characteristics of End Devices

Harris, Ryan D.

Side Channel Anomaly Detection in Industrial Control Systems Using Physical Characteristics of End Devices

Active / Technical Report | Accession Number: AD1076435 |

Open PDF

Abstract:

Industial Control Systems ICS are described by the Dept of Homeland Security as systems so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security. Attacks like Stuxnet show these systems are vulnerable. The end goal for Stuxnet was to operate centrifuges outside their normal parameters and hide the activity from the ICS operator. This research provides a proof of concept for an anomaly detection system that would be able to detect an attack like Stuxnet by measuring the physical change in vibration caused by the attack. The attack can hide what is reported to the operator, but it cannot hide the physical changes caused by the attack. This research uses a piezoelectric vibration sensor to collect vibration data coming from a centrifugal pump and flow meter on an ICS training system at each operating level. The collected data is then fingerprinted and classified using established RF-DNA techniques to determine if it can differentiate between the vibrations produced at each of the operating level. A clear differentiation between operating levels indicates that an ADS is feasible.

Author(s):

Harris, Ryan D.

Author Organization(s):

AIR FORCE INSTITUTE OF TECHNOLOGY WRIGHT-PATTERSON AFB OH WRIGHT-PATTERSON AFB United States

Descriptive Note:

Technical Report,01 Jan 2013,21 Mar 2019

Pagination:

0072

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release;

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

AFIT-ENG-MS-19-M-032

Subject Terms

Joint Capability Areas:

JCA_2_Battlespace Awareness; JCA_1_Force Support; JCA_2.2.1_Signals Collection; JCA_2.2_Collection; JCA_1.2_Force Preparation; JCA_5_Command and Control; JCA_5.3_Planning; JCA_1.2.1_Training; JCA_7.2.1_Mitigate Lethal Effects; JCA_7.2_Mitigate; JCA_7_Protection; JCA_6_Net Centric; JCA_6.1.1_Wired Transmission; JCA_6.1.2_Wireless Transmission; JCA_6.1.3_Switching and Routing; JCA_6.1_Information Transport; JCA_1.2.5_Lessons Learned; JCA_1.2.6_Concepts; JCA_5.3.2_Apply Situational Understanding; JCA_6.4.1_Secure Information Exchange; JCA_6.4_Information Assurance

Modernization Areas:

Microelectronics; Directed Energy

Communities of Interest:

Sensors

Descriptor(s):

digital data, data analysis, control systems, industrial control systems, homeland security, detection, anomaly detection, piezoelectric effect

Field(s)/Group(s):

Military Operations, Strategy and Tactics, Computer Programming and Software

Keyword(s):

ICS(Industial Control Systems), Vibration Sensor, RF DNA(Radio Frequency Distinct Native Attribute ), WS DNA(Wired Signal Distinct Native Attribute), MDA ML(Multiple Discriminant Analysis Maximum Likelihood)

Report Date:

2019 Mar 01

Creation Date:

2019 Jul 11