• DocumentCode
    3255696
  • Title

    Defending malicious attacks in Cyber Physical Systems

  • Author

    Chia-Mei Chen ; Han-Wei Hsiao ; Peng-Yu Yang ; Ya-Hui Ou

  • Author_Institution
    Dept. of Inf. Manage., Nat. Sun Yat-sen Univ., Kaohsiung, Taiwan
  • fYear
    2013
  • fDate
    19-20 Aug. 2013
  • Firstpage
    13
  • Lastpage
    18
  • Abstract
    An increasing number of security incidents on industrial control systems has drawn considerable concern lately. Many attacks involved multiple attack vectors similar to Internet attacks. However, CPS are more vulnerable to attacks. To evade detection, a hacker may apply multiple attack stages to gain access to a control system. For example, he first employs a group of zombies (compromised machines) to identify the vulnerabilities of the target system, and the findings are sent back to the hacker through a communication channel. Once the correct access information is found by the zombies, the hacker can gain unauthorized access without violating any detection rules. The control system may be compromised by such multi-stage attacks, and an appropriate defense mechanism is desired. In order to detect the sequence of such an attack, this study correlates network information and system logs to find the stages of the attack. A finite state model, a hidden Markov chain, is adopted to identify the multi-stage attacks and to prevent real damage. The results show that the proposed system can identify multi-stage attacks efficiently at an early stage to prevent further damage in the networks.
  • Keywords
    Internet; hidden Markov models; security of data; Internet attacks; access information; appropriate defense mechanism; communication channel; control system; cyber physical systems; defending malicious attacks; detection rules; hidden Markov chain; industrial control systems; multiple attack stages; multistage attacks; target system; unauthorized access; Control systems; Correlation; Hidden Markov models; Joints; Monitoring; Security; Training; Hidden Markov Model; cloud computing; intrusion detection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Cyber-Physical Systems, Networks, and Applications (CPSNA), 2013 IEEE 1st International Conference on
  • Conference_Location
    Taipei
  • Type

    conf

  • DOI
    10.1109/CPSNA.2013.6614240
  • Filename
    6614240