5th International Symposium for ICS & SCADA Cyber Security Research 2018 (ICS-CSR 2018)
ICS & SCADA Cyber Security Research
29 - 30 August 2018
Industrial control systems manage critical infrastructures that are immensely diverse and complicated. These highly linked critical infrastructures are made up of networks of industrial control system (ICS) each responsible for controlling critical processes. During its nascent stages the controllers in the ICS were built for robust operation in extreme industrial conditions, but little to no emphasis was placed on safeguarding the system against potential cyberthreats. The industrial networks having legacy controllers are air gapped from the enterprise network hence a centrally deployed NIDS in the same network of the trusted nodes is often used as the last line of defence against intrusions such as malicious activity or policy violation. Most cyber incidents in industrial control systems have witnessed the breach of the air gap and compromised trusted nodes. Hence this paper proposes an on-the-edge Intrusion Prevention System (IPS) that can detect and prevent Denial of Service (DoS) attack on the Programmable Logic Controllers (PLCs) from trusted nodes at real time. A novel attribute of our proposed framework is that it is generic in nature and can be used on any PLC irrespective of the critical infrastructure being controlled by it. A wide range of experimentation has been performed to validate the performance of our proposed IPS.