PLCBlockMon: Data Logging and Extraction on PLCs for Cyber Intrusion Detection

Mislav Findrik, Paul Smith, Kevin Quill, Kieran McLaughlin

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

The threat landscape for industrial control systems is ever-expanding and these systems have proven to be attractive targets for cyber attackers. Programmable Logic Controllers are major components in ICSs and hence need to be well-protected and monitored. By examining the existing research in this field we found that there is a void in comprehensive analysis of data logging and extraction features on industrial devices. However, analysis of these features and evaluation of their applicability for cyber intrusion detection would significantly facilitate their adoption by intrusion detection tools. In order to close the gap, we analyzed the logging and extraction capabilities of the Siemens S7-1200 PLC and HMI panel. We implemented a PLC logic for data logging called PLCBlockMon. In this paper, we provide guidelines for its usage and demonstrate its applicability for cyber intrusion detection in selected scenarios.
Original language: English
Title of host publication: 5th International Symposium for ICS & SCADA Cyber Security Research 2018: Proceedings
Publisher: Electronic Workshops in Computing (eWiC)
Pages: 102-111
Number of pages: 10
Publication status: Published - Aug 2018
Event: 5th International Symposium for ICS & SCADA Cyber Security Research 2018 - Hamburg, Germany
Duration: 28 Aug 2018 - 30 Aug 2018

Publication series

Name: The eWiC Series
Publisher: BCS
ISSN (Print): 1477-9358

Conference

Conference: 5th International Symposium for ICS & SCADA Cyber Security Research 2018
Country: Germany
City: Hamburg
Period: 28/08/2018 - 30/08/2018
