Side Channel Anomaly Detection in Industrial Control Systems Using Physical Characteristics of End Devices
Abstract
Industial Control Systems (ICS) are described by the Dept of Homeland Security as systems so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security. Attacks like Stuxnet show these systems are vulnerable. The end goal for Stuxnet was to operate centrifuges outside their normal parameters and hide the activity from the ICS operator. This research provides a proof of concept for an anomaly detection system that would be able to detect an attack like Stuxnet by measuring the physical change in vibration caused by the attack. The attack can hide what is reported to the operator, but it cannot hide the physical changes caused by the attack. This research uses a piezoelectric vibration sensor to collect vibration data coming from a centrifugal pump and flow meter on an ICS training system at each operating level. The collected data is then fingerprinted and classified using established RF-DNA techniques to determine if it can differentiate between the vibrations produced at each of the operating level. A clear differentiation between operating levels indicates that an ADS is feasible.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 01, 2019
- Accession Number
- AD1076435
Entities
People
- Ryan D. Harris
Organizations
- Air Force Institute of Technology