Abstract
Traditional cyber security mechanisms, such as network-based intrusion detection systems and signature-based antivirus software, have limited effectiveness in industrial control settings, rendering critical infrastructure assets vulnerable to cyber attacks. Even four years after the discovery of Stuxnet, security solutions that can directly monitor the execution of constrained platforms, such as programmable logic controllers, are not yet available. Power fingerprinting, which uses physical measurements from a side channel such as power consumption or electromagnetic emissions, is a promising new technique for detecting malicious software execution in critical systems. The technique can be used to directly monitor the execution of systems with constrained resources without the need to load third-party software artifacts on the platforms.
This paper demonstrates the feasibility of using power fingerprinting to directly monitor programmable logic controllers and detect malicious software execution. Experiments with a Siemens S7 programmable logic controller show that power fingerprinting can successfully monitor programmable logic controller execution and detect malware similar to Stuxnet. Indeed, power fingerprinting has the potential to dramatically transform industrial control system security by providing a unified intrusion detection solution for critical systems.
© 2014 IFIP International Federation for Information Processing
Cite this paper
Aguayo Gonzalez, C., Hinton, A. (2014). Detecting Malicious Software Execution in Programmable Logic Controllers Using Power Fingerprinting. In: Butts, J., Shenoi, S. (eds) Critical Infrastructure Protection VIII. ICCIP 2014. IFIP Advances in Information and Communication Technology, vol 441. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45355-1_2
DOI: https://doi.org/10.1007/978-3-662-45355-1_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-45354-4
Online ISBN: 978-3-662-45355-1
eBook Packages: Computer Science (R0)