As energy-related problems continue to emerge,the need for stable energy supplies and issues regarding both environmental and safety require urgent consideration.Renewable energy is becoming increasingly important,wit...As energy-related problems continue to emerge,the need for stable energy supplies and issues regarding both environmental and safety require urgent consideration.Renewable energy is becoming increasingly important,with solar power accounting for the most significant proportion of renewables.As the scale and importance of solar energy have increased,cyber threats against solar power plants have also increased.So,we need an anomaly detection system that effectively detects cyber threats to solar power plants.However,as mentioned earlier,the existing solar power plant anomaly detection system monitors only operating information such as power generation,making it difficult to detect cyberattacks.To address this issue,in this paper,we propose a network packet-based anomaly detection system for the Programmable Logic Controller(PLC)of the inverter,an essential system of photovoltaic plants,to detect cyber threats.Cyberattacks and vulnerabilities in solar power plants were analyzed to identify cyber threats in solar power plants.The analysis shows that Denial of Service(DoS)and Manin-the-Middle(MitM)attacks are primarily carried out on inverters,aiming to disrupt solar plant operations.To develop an anomaly detection system,we performed preprocessing,such as correlation analysis and normalization for PLC network packets data and trained various machine learning-based classification models on such data.The Random Forest model showed the best performance with an accuracy of 97.36%.The proposed system can detect anomalies based on network packets,identify potential cyber threats that cannot be identified by the anomaly detection system currently in use in solar power plants,and enhance the security of solar plants.展开更多
Industrial Control System(ICS),which is based on Industrial IoT(IIoT),has an intelligent mobile environment that supports various mobility,but there is a limit to relying only on the physical security of the ICS envir...Industrial Control System(ICS),which is based on Industrial IoT(IIoT),has an intelligent mobile environment that supports various mobility,but there is a limit to relying only on the physical security of the ICS environment.Due to various threat factors that can disrupt the workflow of the IIoT,machine learning-based anomaly detection technologies are being presented;it is also essential to study for increasing detection performance to minimize model errors for promoting stable ICS operation.In this paper,we established the requirements for improving the anomaly detection performance in the IIoT-based ICS environment by analyzing the related cases.After that,we presented an improving method of the performance of a machine learning model specialized for IIoT-based ICS,which increases the detection rate by applying correlation coefficients and clustering;it provides a mechanism to predict thresholds on a per-sequence.Likewise,we adopted the HAI dataset environment that actively reflected the characteristics of IIoT-based ICS and demonstrated that performance could be improved through comparative experiments with the traditional method and our proposed method.The presented method can further improve the performance of commonly applied error-based detection techniques and includes a primary method that can be enhanced over existing detection techniques by analyzing correlation coefficients between features to consider feedback between ICS components.Those can contribute to improving the performance of several detection models applied in ICS and other areas.展开更多
Cyberattacks targeting industrial control systems(ICS)are becoming more sophisticated and advanced than in the past.A programmable logic controller(PLC),a core component of ICS,controls and monitors sensors and actuat...Cyberattacks targeting industrial control systems(ICS)are becoming more sophisticated and advanced than in the past.A programmable logic controller(PLC),a core component of ICS,controls and monitors sensors and actuators in the field.However,PLC has memory attack threats such as program injection and manipulation,which has long been a major target for attackers,and it is important to detect these attacks for ICS security.To detect PLC memory attacks,a security system is required to acquire and monitor PLC memory directly.In addition,the performance impact of the security system on the PLC makes it difficult to apply to the ICS.To address these challenges,this paper proposes a system to detect PLC memory attacks by continuously acquiring and monitoring PLC memory.The proposed system detects PLC memory attacks by acquiring the program blocks and block information directly from the same layer as the PLC and then comparing them in bytes with previous data.Experiments with Siemens S7-300 and S7-400 PLC were conducted to evaluate the PLC memory detection performance and performance impact on PLC.The experimental results demonstrate that the proposed system detects all malicious organization block(OB)injection and data block(DB)manipulation,and the increment of PLC cycle time,the impact on PLC performance,was less than 1 ms.The proposed system detects PLC memory attacks with a simpler detection method than earlier studies.Furthermore,the proposed system can be applied to ICS with a small performance impact on PLC.展开更多
The smart city comprises various infrastructures,including health-care,transportation,manufacturing,and energy.A smart city’s Internet of Things(IoT)environment constitutes a massive IoT environment encom-passing num...The smart city comprises various infrastructures,including health-care,transportation,manufacturing,and energy.A smart city’s Internet of Things(IoT)environment constitutes a massive IoT environment encom-passing numerous devices.As many devices are installed,managing security for the entire IoT device ecosystem becomes challenging,and attack vectors accessible to attackers increase.However,these devices often have low power and specifications,lacking the same security features as general Information Technology(IT)systems,making them susceptible to cyberattacks.This vulnerability is particularly concerning in smart cities,where IoT devices are connected to essential support systems such as healthcare and transportation.Disruptions can lead to significant human and property damage.One rep-resentative attack that exploits IoT device vulnerabilities is the Distributed Denial of Service(DDoS)attack by forming an IoT botnet.In a smart city environment,the formation of IoT botnets can lead to extensive denial-of-service attacks,compromising the availability of services rendered by the city.Moreover,the same IoT devices are typically employed across various infrastructures within a smart city,making them potentially vulnerable to similar attacks.This paper addresses this problem by designing a defense process to effectively respond to IoT botnet attacks in smart city environ-ments.The proposed defense process leverages the defense techniques of the MITRE D3FEND framework to mitigate the propagation of IoT botnets and support rapid and integrated decision-making by security personnel,enabling an immediate response.展开更多
基金supported by the Korea Institute of Energy Technology Evaluation and Planning(KETEP)grant funded by the Korea government(MOTIE)(20224B10100140,50%)the Nuclear Safety Research Program through the Korea Foundation of Nuclear Safety(KoFONS)using the financial resource granted by the Nuclear Safety and Security Commission(NSSC)of the Republic of Korea(No.2106058,40%)the Gachon University Research Fund of 2023(GCU-202110280001,10%)。
文摘As energy-related problems continue to emerge,the need for stable energy supplies and issues regarding both environmental and safety require urgent consideration.Renewable energy is becoming increasingly important,with solar power accounting for the most significant proportion of renewables.As the scale and importance of solar energy have increased,cyber threats against solar power plants have also increased.So,we need an anomaly detection system that effectively detects cyber threats to solar power plants.However,as mentioned earlier,the existing solar power plant anomaly detection system monitors only operating information such as power generation,making it difficult to detect cyberattacks.To address this issue,in this paper,we propose a network packet-based anomaly detection system for the Programmable Logic Controller(PLC)of the inverter,an essential system of photovoltaic plants,to detect cyber threats.Cyberattacks and vulnerabilities in solar power plants were analyzed to identify cyber threats in solar power plants.The analysis shows that Denial of Service(DoS)and Manin-the-Middle(MitM)attacks are primarily carried out on inverters,aiming to disrupt solar plant operations.To develop an anomaly detection system,we performed preprocessing,such as correlation analysis and normalization for PLC network packets data and trained various machine learning-based classification models on such data.The Random Forest model showed the best performance with an accuracy of 97.36%.The proposed system can detect anomalies based on network packets,identify potential cyber threats that cannot be identified by the anomaly detection system currently in use in solar power plants,and enhance the security of solar plants.
基金This work was supported by the National Research Foundation of Korea(NRF)grant funded by the Korea government(MSIT)(No.NRF-2020R1A2C1012187,50%)the Nuclear Safety Research Program through the Korea Foundation of Nuclear Safety(KoFONS)using the financial resource granted by the Nuclear Safety and Security Commission(NSSC)of the Republic of Korea(No.2101058,25%)+1 种基金the Institute of Information&communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.2021-0-00493)5G Massive Next Generation Cyber Attack Deception Technology Development,25%).
文摘Industrial Control System(ICS),which is based on Industrial IoT(IIoT),has an intelligent mobile environment that supports various mobility,but there is a limit to relying only on the physical security of the ICS environment.Due to various threat factors that can disrupt the workflow of the IIoT,machine learning-based anomaly detection technologies are being presented;it is also essential to study for increasing detection performance to minimize model errors for promoting stable ICS operation.In this paper,we established the requirements for improving the anomaly detection performance in the IIoT-based ICS environment by analyzing the related cases.After that,we presented an improving method of the performance of a machine learning model specialized for IIoT-based ICS,which increases the detection rate by applying correlation coefficients and clustering;it provides a mechanism to predict thresholds on a per-sequence.Likewise,we adopted the HAI dataset environment that actively reflected the characteristics of IIoT-based ICS and demonstrated that performance could be improved through comparative experiments with the traditional method and our proposed method.The presented method can further improve the performance of commonly applied error-based detection techniques and includes a primary method that can be enhanced over existing detection techniques by analyzing correlation coefficients between features to consider feedback between ICS components.Those can contribute to improving the performance of several detection models applied in ICS and other areas.
基金supported by the Korea WESTERN POWER(KOWEPO)(2022-Commissioned Research-11,Development of Cyberattack Detection Technology for New and Renewable Energy Control System Using AI(Artificial Intelligence),50%)the Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.2021-0-01806,Development of Security by Design and Security Management Technology in Smart Factory,40%)the Gachon University Research Fund of 2023(GCU-202110280001,10%).
文摘Cyberattacks targeting industrial control systems(ICS)are becoming more sophisticated and advanced than in the past.A programmable logic controller(PLC),a core component of ICS,controls and monitors sensors and actuators in the field.However,PLC has memory attack threats such as program injection and manipulation,which has long been a major target for attackers,and it is important to detect these attacks for ICS security.To detect PLC memory attacks,a security system is required to acquire and monitor PLC memory directly.In addition,the performance impact of the security system on the PLC makes it difficult to apply to the ICS.To address these challenges,this paper proposes a system to detect PLC memory attacks by continuously acquiring and monitoring PLC memory.The proposed system detects PLC memory attacks by acquiring the program blocks and block information directly from the same layer as the PLC and then comparing them in bytes with previous data.Experiments with Siemens S7-300 and S7-400 PLC were conducted to evaluate the PLC memory detection performance and performance impact on PLC.The experimental results demonstrate that the proposed system detects all malicious organization block(OB)injection and data block(DB)manipulation,and the increment of PLC cycle time,the impact on PLC performance,was less than 1 ms.The proposed system detects PLC memory attacks with a simpler detection method than earlier studies.Furthermore,the proposed system can be applied to ICS with a small performance impact on PLC.
基金supported by Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.2021-0-00493,5G Massive Next Generation Cyber Attack Deception Technology Development,60%)supported by Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.2021-0-01806,Development of Security by Design and Security Management Technology in Smart Factory,30%)this work was supported by the Gachon University Research Fund of 2023(GCU-202106330001%,10%).
文摘The smart city comprises various infrastructures,including health-care,transportation,manufacturing,and energy.A smart city’s Internet of Things(IoT)environment constitutes a massive IoT environment encom-passing numerous devices.As many devices are installed,managing security for the entire IoT device ecosystem becomes challenging,and attack vectors accessible to attackers increase.However,these devices often have low power and specifications,lacking the same security features as general Information Technology(IT)systems,making them susceptible to cyberattacks.This vulnerability is particularly concerning in smart cities,where IoT devices are connected to essential support systems such as healthcare and transportation.Disruptions can lead to significant human and property damage.One rep-resentative attack that exploits IoT device vulnerabilities is the Distributed Denial of Service(DDoS)attack by forming an IoT botnet.In a smart city environment,the formation of IoT botnets can lead to extensive denial-of-service attacks,compromising the availability of services rendered by the city.Moreover,the same IoT devices are typically employed across various infrastructures within a smart city,making them potentially vulnerable to similar attacks.This paper addresses this problem by designing a defense process to effectively respond to IoT botnet attacks in smart city environ-ments.The proposed defense process leverages the defense techniques of the MITRE D3FEND framework to mitigate the propagation of IoT botnets and support rapid and integrated decision-making by security personnel,enabling an immediate response.
