%0 Conference Proceedings
%T Enhancing the Security and Forensic Capabilities of Programmable Logic Controllers
%+ The University of Hong Kong (HKU)
%A Chan, Chun-Fai
%A Chow, Kam-Pui
%A Yiu, Siu-Ming
%A Yau, Ken
%Z Part 5: Mobile and Embedded Device Forensics
%< peer-reviewed
%( IFIP Advances in Information and Communication Technology
%B 14th IFIP International Conference on Digital Forensics (DigitalForensics)
%C New Delhi, India
%Y Gilbert Peterson
%Y Sujeet Shenoi
%I Springer International Publishing
%3 Advances in Digital Forensics XIV
%V AICT-532
%P 351-367
%8 2018-01-03
%D 2018
%R 10.1007/978-3-319-99277-8_19
%K Programmable logic controllers
%K anomaly detection
%K forensics
%Z Computer Science [cs]Conference papers
%X Industrial control systems are used to monitor and operate critical infrastructures. For decades, the security of industrial control systems was preserved by their use of proprietary hardware and software, and their physical separation from other networks. However, to reduce costs and enhance interconnectivity, modern industrial control systems increasingly use commodity hardware and software, and are connected to vendor and corporate networks, and even the Internet. These trends expose industrial control systems to risks that they were not designed to handle. This chapter describes a novel approach for enhancing industrial control system security and forensics by adding monitoring and logging mechanisms to programmable logic controllers, key components of industrial control systems. A proof-of-concept implementation is presented using a popular Siemens programmable logic controller. Experiments were conducted to compare the accuracy and performance impact of the proposed method versus the conventional programmable logic controller polling method. The experimental results demonstrate that the new method yields increased anomaly detection coverage and accuracy with only a small performance impact. Additionally, the new method increases the speed of anomaly detection and reduces network overhead, enabling forensic investigations of programmable logic controllers to be conducted more efficiently and effectively.
%G English
%Z TC 11
%Z WG 11.9
%2 https://inria.hal.science/hal-01988832/document
%2 https://inria.hal.science/hal-01988832/file/472401_1_En_19_Chapter.pdf
%L hal-01988832
%U https://inria.hal.science/hal-01988832
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-DF
%~ IFIP-WG11-9
%~ IFIP-AICT-532