Efficient Cyberattack Detection Methods in Industrial Control Systems
Piotr Marusak,
Robert Nebeluk,
Andrzej Wojtulewicz,
Krzysztof Cabaj,
Patryk Chaber,
Maciej Ławryńczuk,
Sebastian Plamowski,
Krzysztof Zarzycki
Affiliations
Piotr Marusak
Institute of Control and Computation Engineering, Faculty of Electronics and Information Technology, Warsaw University of Technology, 00-665 Warsaw, Poland
Robert Nebeluk
Institute of Control and Computation Engineering, Faculty of Electronics and Information Technology, Warsaw University of Technology, 00-665 Warsaw, Poland
Andrzej Wojtulewicz
Institute of Control and Computation Engineering, Faculty of Electronics and Information Technology, Warsaw University of Technology, 00-665 Warsaw, Poland
Krzysztof Cabaj
Institute of Computer Science, Faculty of Electronics and Information Technology, Warsaw University of Technology, 00-665 Warsaw, Poland
Patryk Chaber
Institute of Control and Computation Engineering, Faculty of Electronics and Information Technology, Warsaw University of Technology, 00-665 Warsaw, Poland
Maciej Ławryńczuk
Institute of Control and Computation Engineering, Faculty of Electronics and Information Technology, Warsaw University of Technology, 00-665 Warsaw, Poland
Sebastian Plamowski
Institute of Control and Computation Engineering, Faculty of Electronics and Information Technology, Warsaw University of Technology, 00-665 Warsaw, Poland
Krzysztof Zarzycki
Institute of Control and Computation Engineering, Faculty of Electronics and Information Technology, Warsaw University of Technology, 00-665 Warsaw, Poland
The article deals with the issue of detecting cyberattacks on control algorithms running in a real Programmable Logic Controller (PLC) and controlling a real laboratory control plant. The vulnerability of the widely used Proportional–Integral–Derivative (PID) controller is investigated. Four effective, easy-to-implement, and relatively robust methods for detecting attacks on the control signal, output variable, and parameters of the PID controller are researched. The first method verifies whether the value of the control signal sent to the control plant in the previous step is the actual value generated by the controller. The second method relies on detecting sudden, unusual changes in output variables, taking into account the inertial nature of dynamic plants. In the third method, a copy of the controller parameters is used to detect an attack on the controller’s parameters implemented in the PLC. The fourth method uses the golden run in attack detection.
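The first three checks described above, sketched as an added Python example; it is not the authors' PLC code and does not cover the golden-run method. The class and field names, the per-sample bound `max_dy`, the tolerance `u_tol` and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PIDParams:
    kp: float
    ki: float
    kd: float

class LoopMonitor:
    """Per-sample checks for one PID loop (names and thresholds are assumed)."""

    def __init__(self, trusted, max_dy, u_tol=1e-6):
        self.trusted = trusted  # protected copy of the controller parameters
        self.max_dy = max_dy    # assumed largest plausible output change per sample
        self.u_tol = u_tol      # assumed tolerance for signal quantisation
        self.u_sent = None      # control value the controller generated last step
        self.y_prev = None      # previous output measurement

    def check(self, live, u_applied_prev, y, u_now):
        alarms = []
        # Method 1: the value applied to the plant in the previous step must be
        # the value the controller actually generated.
        if self.u_sent is not None and abs(u_applied_prev - self.u_sent) > self.u_tol:
            alarms.append("control_signal")
        # Method 2: an inertial plant cannot jump, so a sudden change is suspect.
        if self.y_prev is not None and abs(y - self.y_prev) > self.max_dy:
            alarms.append("output")
        # Method 3: live controller parameters must match the stored copy.
        if live != self.trusted:
            alarms.append("parameters")
        self.u_sent, self.y_prev = u_now, y
        return alarms

TRUSTED = PIDParams(2.0, 0.5, 0.1)
# Constructed samples: (live parameters, read-back of previous u, measured y, u generated now)
SAMPLES = [
    (TRUSTED, 0.00, 20.0, 1.00),                   # first sample, nothing to compare yet
    (TRUSTED, 1.00, 20.3, 0.95),                   # normal operation
    (TRUSTED, 3.50, 20.6, 0.90),                   # read-back differs from the 0.95 sent
    (TRUSTED, 0.90, 27.0, 0.40),                   # output jumps 6.4 in one sample
    (PIDParams(9.0, 0.5, 0.1), 0.40, 27.2, 0.35),  # kp overwritten in the controller
]

def run_demo():
    mon = LoopMonitor(TRUSTED, max_dy=1.0)
    return [mon.check(*sample) for sample in SAMPLES]

if __name__ == "__main__":
    print(run_demo())
```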