Affiliations: [a]
School of Computer Science and Engineering, Vellore Institute of Technology, Vellore, Tamilnadu, India
| [b]
Department of Computer Science Engineering, Coimbatore Institute of Technology, Coimbatore, Tamilnadu, India
Correspondence:
[*]
Corresponding author. P. Balakrishnan, School of Computer Science and Engineering, Vellore Institute of Technology, Vellore, Tamilnadu, India. E-mail: baskrish1977@gmail.com.
Abstract: Operational Technology (OT) often refers to the industrial control systems which are used to monitor and control the devices and processes of critical infrastructure like, water treatment plant, power grid and sewage systems. Conventionally, these OT systems are completely isolated from Information Technology (IT) infrastructure to protect their processes and devices against cyber-attacks. However, the convergence of IT and OT is inevitable to improvise the remote management of physical devices and to enhance the production by incorporating data-driven decision making by accessing and analyzing their real-time data. To achieve this, the isolated OT systems and devices need to be accessed using Internet. However, this interconnection leads both the sensor and control data of OT systems vulnerable to cyber-attacks. This research work extends our previous intrusion detection system that identifies anomalies which are deviated from process-invariants in secured water treatment (SWaT) test-bed data obtained from Singapore University of Technology and Design (SUTD). Additionally, it proposes process-invariants based timed automata wherein the attack and its detection model are represented as timed automata. The proposed system is implemented and validated using UPPAAL, a tool for validating real-time systems represented as networks of timed automata. The results conclude that the proposed system effectively identifies the attacks considered thereby recommending the timed automata as an operational tool for detecting the data-integrity attacks in critical infrastructures. The highly reported attacks that include level indicators, motorized valves, pressure indicators and analyzer indicators are detected successfully by the proposed system. Using the results, Stage 1 and Stage 3 are highly vulnerable.
