DOI

https://doi.org/10.25772/6HVJ-A902

Defense Date

2024

Document Type

Dissertation

Degree Name

Doctor of Philosophy

Department

Computer Science

First Advisor

Irfan Ahmed

Abstract

Industrial control systems (ICS) play a crucial role in monitoring and managing critical infrastructure, including nuclear plants, oil and gas pipelines, and power grid stations. Programmable logic controllers (PLCs) are a fundamental component of ICS, directly interfacing with physical processes and implementing control logic programs that govern operations. Due to their significance in controlling critical infrastructure, PLCs often become prime targets for attackers seeking to disrupt these systems. Exploitable vulnerabilities in PLCs render them susceptible to such attacks. While many attacks on PLCs leave a large footprint in network traffic and are detectable by intrusion detection systems (IDS), this dissertation focuses on more stealthy and difficult-to-detect attacks.

This dissertation explores various ways that PLCs can be vulnerable, starting with an empirical study of the authentication systems of different PLCs from various manufacturers to identify weaknesses. It examines how attackers can compromise a PLC's control logic without sending harmful code through the network, instead utilizing existing code already stored in the PLC's memory. Additionally, the research investigates network-based attacks that can bypass existing IDS without detection by exploiting PLC design features.

A key focus is on identifying and analyzing the design features of PLCs that can be exploited to carry out attacks. Understanding these features highlights the vulnerabilities inherent in PLC designs that attackers can exploit to achieve their malicious goals.

Furthermore, the dissertation proposes a detection framework capable of identifying control logic attacks by capturing and analyzing runtime data. Existing IDS can detect traditional attacks that inject malicious control logic, but attacks that manipulate data structures within the PLC's memory rather than the control logic itself are harder to detect. This proposed framework addresses these challenges, providing a robust defense against both traditional and stealthy attack vectors.

In conclusion, this work addresses areas not previously explored, focusing on stealthy attacks that leave minimal footprints in network traffic and proposing a detection scheme capable of identifying these sophisticated attacks. This research contributes significantly to enhancing the security of critical infrastructure managed by ICS.

Rights

© The Author

Is Part Of

VCU University Archives

Is Part Of

VCU Theses and Dissertations

Date of Submission

8-9-2024
