Forensic readiness of industrial control systems under stealthy attacks

Computers & Security(2023)

引用 1|浏览21
暂无评分
摘要
Cyberattacks against Industrial Control Systems (ICS) can have harmful physical impacts. Investigating such attacks can be difficult, as evidence could be lost to physical damage. This is especially true with stealthy attacks; i.e., attacks that can evade detection. In this paper, we aim to engineer Forensic Readiness (FR) in safety-critical, geographically distributed ICS, by proactively collecting potential evidence of stealthy attacks. The collection of all data generated by an ICS at all times is infeasible due to the large volume of such data. Hence, our approach only triggers data collection when there is the possibility for a potential stealthy attack to cause damage. We determine the conditions for such an event by performing predictive, model-based, safety checks. Furthermore, we use the geographical layout of the ICS and the safety predictions to identify data that is at risk of being lost due to damage, i.e., relevant data. Finally, to reduce the control performance overhead resulting from real-time data collection, we select a subset of relevant data to collect by performing a trade-off between expected impact of the attack and the estimated cost of collection. We demonstrate these ideas using simulations of the widely-used Tennessee–Eastman Process (TEP) benchmark. We show that the proposed approach does not miss relevant data and results in a reduced control performance overhead compared to the case when all data generated by the ICS is collected. We also showcase the applicability of our approach in improving the efficiency of existing ICS forensic log analysis tools.
更多
查看译文
关键词
Industrial control systems,Forensic readiness,Digital forensics,Safety checking,Stealthy attacks,Value of information
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要