ICSSIM – A Framework for Building Industrial Control
Systems Security Testbeds
Alireza Dehlaghi-Ghadim (a,b), Ali Balador (b), Mahshid Helali Moghadam (a), Hans Hansson (a,b), Mauro Conti (c)
(a) RISE Research Institute of Sweden, Västerås, Sweden
(b) Mälardalen University, Västerås, Sweden
(c) University of Padua, Padua, Italy
Abstract
With the advent of smart industry, Industrial Control Systems (ICS) are
increasingly using Cloud, IoT, and other services to meet Industry 4.0 targets.
The connectivity inherent in these services exposes such systems to increased
cybersecurity risks. To protect ICSs against cyberattacks, intrusion detection
systems and intrusion prevention systems empowered by machine learning are
used to detect abnormal behavior of the systems. Operational ICSs are not
safe environments to research intrusion detection systems due to the
possibility of catastrophic risks. Therefore, realistic ICS testbeds enable
researchers to analyze and validate their intrusion detection algorithms in a
controlled environment. Although various ICS testbeds have been developed,
researchers’ access to a low-cost, adaptable, and customizable testbed that can
accurately simulate industrial control systems and suits security research is
still an important issue.
In this paper, we present ICSSIM, a framework for building customized
virtual ICS security testbeds, in which various types of cyber threats and
attacks can be effectively and efficiently investigated. This framework contains
base classes to simulate control system components and communications.
ICSSIM aims to produce extendable, versatile, reproducible, low-cost, and
comprehensive ICS testbeds with realistic details and high fidelity. ICSSIM is
built on top of the Docker container technology, which provides realistic
network emulation and runs ICS components on isolated private operating
system kernels. ICSSIM reduces the time for developing ICS components and
offers physical process modelling using software and hardware in the loop
simulation. We demonstrated ICSSIM by creating a testbed and validating its
functionality by showing how different cyberattacks can be applied.
Keywords: Cybersecurity, Software Simulation, Industrial Control System,
Testbed, Network Emulation, Cyberattack
Email addresses: alireza.dehlaghi.ghadim@ri.se (Alireza Dehlaghi-Ghadim),
ali.balador@ri.se (Ali Balador), mahshid.helali.moghadam@ri.se (Mahshid Helali
Moghadam), hans.hansson@mdu.se (Hans Hansson), conti@math.unipd.it (Mauro Conti)
arXiv:2210.13325v3 [cs.CR] 25 Nov 2022
1. Introduction
Industrial Control Systems (ICS) emerged as a solution to monitor and
control safety-critical industrial systems, such as power plants, power grids,
and railways. The term ICS has different realizations, such as Supervisory
Control and Data Acquisition (SCADA), Distributed Control System (DCS),
or even PLC [1], but almost the same cyber threats can be considered for all of
them. ICSs were traditionally isolated from the Internet to ensure overall
system security. However, smart manufacturing targeted by Industry 4.0
[2][3][4] has led corporations to use Cloud, Internet of Things (IoT), and other
public network services as a key foundation [5]. Although connectivity has
many advantages and potential, it exposes these systems to many security
threats [6]. To acknowledge the importance of cybersecurity risks, we could
mention the Stuxnet malware attack on the Iranian Uranium enrichment
facilities [7], the attack on the Ukrainian power grid [8], the Triton malware
attack on the Saudi Arabian petrochemical plant [9], and the attack on U.S.
natural gas pipeline companies [2], each of which endangered human lives and
caused substantial financial loss. Moreover, according to the Kaspersky ICS-CERT
report [10], 33.8% of ICS computers were attacked in the first half of 2021,
which shows that cybersecurity is a severe concern to modern industry.
Therefore, there is no doubt that ICS security has become an important topic
for research in the past years [11], [12].
In this regard, studying cyberattacks, analyzing their impacts, testing ICSs
against cyber threats, and developing defense mechanisms are of great
importance; meanwhile, for safety reasons, it is often not allowed to conduct
these studies on operational ICSs. An alternative solution could be using a
small-scale pilot ICS as a testbed. There are a few such real ICS testbeds,
including the national SCADA testbed [13] and small-scale water treatment
system (SWaT) [14]. However, these testbeds are not accessible by all
researchers. Building such an environment is also time-consuming and
expensive [15]. Besides, scientists using such testbeds must deal with various
unrelated technical problems requiring hardware knowledge. These barriers
have led many security researchers, especially those who want to use Machine
Learning (ML) methods for attack detection, to use available datasets for their
experiments. However, intrusion detection using available datasets prevents
researchers from defining customized test conditions or changing the type of
attack on the industrial systems. Therefore, a tool to create a virtual
industrial control system that enables the required testbed to perform
cybersecurity research will be a great asset for researchers and practitioners.
This paper tries to fill this gap by providing the ICSSIM framework, a tool
to build a customized ICS security testbed that enables researchers to research
and experiment on cyber threats on their local testbed. These testbeds could
be used to develop and evaluate AI-based Intrusion Detection Systems (IDS).
Intrusion detection can be performed in various ways, including analyzing
network feature patterns and investigating physical process perturbations
caused by cyber incidents. ICS testbeds help us assess how much each network
feature contributes to revealing cyberattacks, to find the best network feature set to
feed IDSs. We can also study physical process deviations from predefined
routines and investigate how physical process changes in control loops can be
used for intrusion detection. Furthermore, we could train, validate, and test
AI-based IDSs without taking the risk of unwanted interruptions or
catastrophes in the industry. Early testing of IDSs in a controlled environment
could reveal vulnerabilities before they cause significant issues in operational
industries. Testing IDSs in such local testbeds is time/cost-efficient and could
target attack scenarios that are not testable in an operational environment.
The benefits of having flexible and customized security testbeds are not
limited to the domain of IDSs. Attack simulations on testbeds can reveal ICS
vulnerabilities in industrial protocols, architecture, or configurations. We can
analyze how an attacker could exploit a system vulnerability and provide a
prevention or mitigation strategy for real industries. We can also evaluate the
physical impacts of different cyber attacks to estimate the risk posed by a
particular incident.
ICSSIM differs from existing virtual ICS testbeds [3, 16, 17] since it is not
only a concrete testbed but also a framework capable of creating various
testbeds with different physical processes, controlling logic, and network
architecture. This framework reduces the time needed for ICS testbed
creation, performing cyber-attacks, and logging. The controlling network is
emulated using real ICS network packets, which makes it adaptable to a wide
range of realistic network architectures. This framework also contains base
classes to define controlling system components such as Human Machine
Interfaces (HMI) and Programmable Logic Controllers (PLC). To simulate the
physical process as Hardware in the Loop (HIL), ICSSIM can simulate the
physical process using scripts or connect to real hardwired devices. We
developed ICSSIM to be flexible enough to cover the shortcomings of existing
testbeds. We also provided a sample testbed created by ICSSIM to show the
functionality and flexibility of this framework. In summary:
1. We surveyed the literature and analysed existing ICS testbeds to prepare
a requirement list, which we used as the design objective for building
testbeds. We believe that this list can also be used as a benchmark for
comparing ICS testbeds.
2. We built ICSSIM, an open-source framework capable of building
customized ICS testbeds based on the design objective list. We built
ICSSIM configurable with versatile ICS architecture to cover a wide
range of realistic ICS scenario simulations.
3. We equipped ICSSIM with various attack scripts to facilitate security
research on the testbed generated by ICSSIM.
4. We created a sample ICS testbed to demonstrate ICSSIM functionalities
and made this sample testbed publicly available.
The remainder of this paper is organized as follows. Section II discusses
the current state of the art for ICS testbeds. Section III identifies design goals
and desired characteristics for ICS testbeds. Section IV provides detail on the
proposed framework. Section V presents a bottle filling factory process control
problem as a sample ICS testbed created by ICSSIM. Section VI implements
various attacks on the candidate problem to evaluate the framework’s ability to
simulate cyberattacks. Finally, Section VII gives a conclusion and a vision for
extending the ICSSIM.
2. Related Work
Several publications in this field have provided different testbeds and tools
for ICS simulation, while their strengths and weaknesses have been discussed.
We used the same categorization for literature classification as the authors in
[18, 19] proposed: 1) Physical testbeds. 2) Semi-physical testbeds. 3) Virtual
testbeds.
2.1. Physical Testbeds
Several articles have reported the construction of physical control systems
testbeds to provide a cyber threats research platform [3, 14, 20, 21, 22, 23,
24, 25, 13]. To the best of our knowledge, two comprehensive surveys [18, 19]
provide an extensive analysis of various testbeds for ICS. This paper focuses
more on presenting our testbed, and readers can check the mentioned papers to
find more information about testbeds. Here, we only refer to a few articles to
highlight the main obstacles with physical testbeds.