DEEP DETECTION ARCHITECTURE FOR SECURITY IN INDUSTRIAL CONTROL SYSTEMS

Abstract

In recent years, the information and communications technology evolution joined the industrial control systems development, leading to new signi cant enhancements. After the rst Supervisory Control And Data Acquisition mono- lithic systems, conceived in the 60s, the networked generation was born. Nowa- days, the Internet of things and Industry 4.0 paradigms foresee the use of net- work communication for remote monitoring and control critical infrastructures. Even though the bene ts are noticeable, new security challenges concerning industrial facilities arise: typical vulnerabilities of the cyber domain emerged in industrial control systems. The classic cyber-security tools are ine ective, since industrial control systems are designed to operate in standalone or iso- lated con gurations and are characterized by hard real-time and bandwidth constraints. As a consequence, in the last decade, critical infrastructures have experienced a large number of cyber-attacks. Despite the impact of such alarms, the paramount importance of the information traveling in the control system networks and its protection is still underestimated. In this thesis the protection of industrial control systems for critical infras- tructures is addressed. It is supposed that the attackers are able to gain the access to industrial control system network, they are able to bypass the infor- mation technology security defense and exploit the system by changing control information. However, they cannot hide their target: the side-e ects of cyber- attacks on physical plants reveal the malicious intents. In order to address this problem, this thesis explores attack detection mechanisms that identify attacks by monitoring both the physical system under control and the cyber layer. This thesis considers both security issues arising at control level and super- visory level. The rst one is related to the operational level of the system, the second one is related to the presence of the human in the control loop when emergencies occur. A defense-in-depth approach is adopted by developing a deep detection architecture able to combine information from both physical and cyber levels and reduce false alarm rates.