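@comment{
  Sarkar, Benkraouda, Maniatakos (ASIA CCS '20): automated, process-independent
  attack generation against ICS from a single compromised industrial computer,
  using ML fingerprinting of HMI images / PLC binaries and control-theoretic
  manipulation of PID blocks. Cited as a threat-model reference: the paper's
  premise is that an attacker does NOT need full process visibility, which
  argues for treating HMI/PLC artefacts as sensitive and monitoring for
  oscillatory set-point deviations that stay inside operational limits.

  Cleanup vs. the ACM DL export: fields one per line, pages use "--" instead of
  a literal en dash, acronyms/pronouns in title and booktitle are brace-
  protected, and the redundant url (it was only the DOI resolver) is dropped
  in favour of the bare doi field.
}

@inproceedings{10.1145/3320269.3384730,
  author    = {Sarkar, Esha and Benkraouda, Hadjer and Maniatakos, Michail},
  title     = {{I} Came, {I} Saw, {I} Hacked: Automated Generation of Process-independent Attacks for Industrial Control Systems},
  booktitle = {Proceedings of the 15th {ACM} Asia Conference on Computer and Communications Security},
  series    = {ASIA CCS '20},
  year      = {2020},
  pages     = {744--758},
  numpages  = {15},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Taipei, Taiwan},
  isbn      = {9781450367509},
  doi       = {10.1145/3320269.3384730},
  keywords  = {fingerprinting, industrial control systems security, machine learning, process-aware attacks},
  abstract  = {Malicious manipulations on Industrial Control Systems (ICSs) endanger critical infrastructures, causing unprecedented losses. State-of-the-art research in the discovery and exploitation of vulnerability typically assumes full visibility and control of the industrial process, which in real-world scenarios is unrealistic. In this work, we investigate the possibility of an automated end-to-end attack for an unknown control process in the constrained scenario of infecting just one industrial computer. We create databases of human-machine interface images, and Programmable Logic Controller (PLC) binaries using publicly available resources to train machine-learning models for modular and granular fingerprinting of the ICS sectors and the processes, respectively. We then explore control-theoretic attacks on the process leveraging common/ubiquitous control algorithm modules like Proportional Integral Derivative blocks using a PLC binary reverse-engineering tool, causing stable or oscillatory deviations within the operational limits of the plant. We package the automated attack and evaluate it against a benchmark chemical process, demonstrating the feasibility of advanced attacks even in constrained scenarios.},
}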