FingerCI: Writing industrial process specifications from network traffic

IF 4.1 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection Pub Date : 2024-11-19 DOI:10.1016/j.ijcip.2024.100725

Filipe Apolinário , Nelson Escravana , Éric Hervé , Miguel L. Pardal , Miguel Correia

{"title":"FingerCI: Writing industrial process specifications from network traffic","authors":"Filipe Apolinário , Nelson Escravana , Éric Hervé , Miguel L. Pardal , Miguel Correia","doi":"10.1016/j.ijcip.2024.100725","DOIUrl":null,"url":null,"abstract":"<div><div>Critical infrastructures (CIs) are often targets of cyber-attacks, requiring accurate process specifications to identify and defend against incidents. However, discrepancies between these specifications and real-world CI conditions arise due to the costly process of manual specification by experts.</div><div>This paper introduces <span>FingerCI</span>, a method for automatically generating CI process specifications through network traffic analysis and physical behavior modeling. By defining a Specification Language that integrates with existing systems, <span>FingerCI</span> extracts industrial process specifications without infrastructure changes or downtime. The specifications include a behavior model that validates physical correctness.</div><div>We evaluated <span>FingerCI</span> on a digital twin of an airport baggage handling system, achieving 99.98% fitness to observed behavior. Our method improves cybersecurity and fault detection with high accuracy.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100725"},"PeriodicalIF":4.1000,"publicationDate":"2024-11-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Critical Infrastructure Protection","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1874548224000660","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Critical infrastructures (CIs) are often targets of cyber-attacks, requiring accurate process specifications to identify and defend against incidents. However, discrepancies between these specifications and real-world CI conditions arise due to the costly process of manual specification by experts.

This paper introduces FingerCI, a method for automatically generating CI process specifications through network traffic analysis and physical behavior modeling. By defining a Specification Language that integrates with existing systems, FingerCI extracts industrial process specifications without infrastructure changes or downtime. The specifications include a behavior model that validates physical correctness.

We evaluated FingerCI on a digital twin of an airport baggage handling system, achieving 99.98% fitness to observed behavior. Our method improves cybersecurity and fault detection with high accuracy.

查看原文本刊更多论文

FingerCI：从网络流量中编写工业流程规范

关键基础设施（CI）通常是网络攻击的目标，需要准确的流程规范来识别和防御事件。本文介绍了 FingerCI，一种通过网络流量分析和物理行为建模自动生成 CI 流程规范的方法。通过定义一种与现有系统集成的规范语言，FingerCI 可以提取工业流程规范，而无需更改基础设施或停机。我们在一个机场行李处理系统的数字孪生系统上对 FingerCI 进行了评估，结果显示其与观察行为的吻合度高达 99.98%。我们的方法提高了网络安全和故障检测的准确性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Critical Infrastructure Protection COMPUTER SCIENCE, INFORMATION SYSTEMS-ENGINEERING, MULTIDISCIPLINARY

CiteScore

8.90

自引率

5.60%

发文量

审稿时长

>12 weeks

期刊介绍： The International Journal of Critical Infrastructure Protection (IJCIP) was launched in 2008, with the primary aim of publishing scholarly papers of the highest quality in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology, law and policy to craft sophisticated yet practical solutions for securing assets in the various critical infrastructure sectors. These critical infrastructure sectors include: information technology, telecommunications, energy, banking and finance, transportation systems, chemicals, critical manufacturing, agriculture and food, defense industrial base, public health and health care, national monuments and icons, drinking water and water treatment systems, commercial facilities, dams, emergency services, nuclear reactors, materials and waste, postal and shipping, and government facilities. Protecting and ensuring the continuity of operation of critical infrastructure assets are vital to national security, public health and safety, economic vitality, and societal wellbeing. The scope of the journal includes, but is not limited to: 1. Analysis of security challenges that are unique or common to the various infrastructure sectors. 2. Identification of core security principles and techniques that can be applied to critical infrastructure protection. 3. Elucidation of the dependencies and interdependencies existing between infrastructure sectors and techniques for mitigating the devastating effects of cascading failures. 4. Creation of sophisticated, yet practical, solutions, for critical infrastructure protection that involve mathematical, scientific and engineering techniques, economic and social science methods, and/or legal and public policy constructs.