Abstract

A cyber-manufacturing system (CMS) is a vision of smart factories in which manufacturing processes are fully integrated with computational components. In a CMS, an effective intrusion detection system (IDS) is essential for protecting manufacturing operations from cyber-physical attacks. Current IDSs analyze data from both the cyber and physical domains but produce separate reports for each domain. To make use of the connections between cyber and physical alerts, this paper presents a cyber-physical alert correlation method. To evaluate the method, four case studies were developed and carried out on a CMS testbed. The experimental results demonstrate that the method can effectively reduce the number of false alerts, improve detection accuracy, and identify root causes.
