Enhancing Industrial Cyber-Physical Systems Security with Smart Probing Approach

Abstract

Critical infrastructures and industrial facilities are examples of Cyber-Physical Systems, which are sophisticated systems that integrate physical processes and communication networks. Regrettably, the combination of physical and cyber layers raises the possibility of complications such as a larger surface area for cyberattacks. Due to the unique characteristics of the industrial environment, applying safeguarding architecture similar to that created for the IT sector is not conceivable. Yet, in this study, we exploit the features of industrial communication networks to design the Smart Security Probe, an intrusion detection system for industrial networks. This solution was created to detect potential anomalies in network traffic and to assist in inferring potential anomalies in data connected to physical processes. Smart Security Probe has two operating modes: passive and interactive. When the passive mode is selected, the proposed device analyses the traffic shape in a transparent way, while in the interactive mode it is possible to send packets to allow further analysis and the device is visible in the network. When the interactive mode is activated, a model-based anomaly detection system is included in the suggested approach. Using the Message Queuing Telemetry Transport protocol, the Smart Security Probe can communicate with a remote station to implement an asynchronous Extended Kalman Filter. Smart Security Probe was tested and validated in a system comprised of one Programmable Logic Controller and one Supervisory Control and Data Acquisition system that controls three simulated interconnected tanks.