Protocol-Agnostic Detection of Stealth Attacks on Networked Control Systems.

Attacks on critical infrastructure networks can have severe impact on the physical realm, which makes fast and reliable attack detection a primary security goal. To enhance the security of networked control systems, we introduce a novel approach to detect model-based stealth attacks on industrial real-time protocols. Specifically, we outline how stealth attacks can be detected through passive network monitoring using several supervised and unsupervised machine learning techniques. Our approach leverages computationally inexpensive, well-known detectors (e.g., Support Vector Machines and Local Outlier Factor) and operates in a protocol-agnostic manner that does not require protocol parsing. We evaluate detection capabilities by injecting attack traffic into PROFINET real-time traffic obtained from two different real-world networks. Our results indicate that stealth attacks can be reliably detected within tens of milliseconds.