Identification of ICS Security Risks toward the Analysis of Packet Interaction Characteristics Using State Sequence Matching Based on SF-FSM

الملخص EN

This paper discusses two aspects of major risks related to the cyber security of an industrial control system (ICS), including the exploitation of the vulnerabilities of legitimate communication parties and the features abused by unauthorized parties.

We propose a novel framework for exposing the above two types of risks.

A state fusion finite state machine (SF-FSM) model is defined to describe multiple request-response packet pair sequence signatures of various applications using the same protocol.

An inverted index of keywords in an industrial protocol is also proposed to accomplish fast state sequence matching.

Then we put forward the concept of scenario reconstruction, using state sequence matching based on SF-FSM, to present the known vulnerabilities corresponding to applications of a specific type and version by identifying the packet interaction characteristics from the data flow in the supervisory control layer network.

We also implement an anomaly detection approach to identifying illegal access using state sequence matching based on SF-FSM.

An anomaly is asserted if none of the state sequence signatures in the SF-FSM is matched with a packet flow.

Ultimately, an example based on industrial protocols is demonstrated by a prototype system to validate the methods of scenario reconstruction and anomaly detection.