The Experts below are selected from a list of 321 Experts worldwide ranked by ideXlab platform
Irfan Ahmed - One of the best experts on this subject based on the ideXlab platform.
-
ISC - Automated Reconstruction of Control Logic for Programmable Logic Controller Forensics.
Lecture Notes in Computer Science, 2019Co-Authors: Syed Ali Qasim, Juan Lopezjr., Irfan AhmedAbstract:This paper presents Similo, an automated scalable framework for Control Logic forensics in industrial Control systems. Similo is designed to investigate denial of engineering operations (DEO) attacks, recently demonstrated to hide malicious Control Logic in a programmable Logic Controller (PLC) at field sites from an engineering software (at Control center). The network traffic (if captured) contains substantial evidence to investigate DEO attacks including manipulation of Control Logic. Laddis, a state-of-the-art forensic approach for DEO attacks, is a binary-Logic decompiler for the Allen-Bradley’s RSLogix engineering software and MicroLogix 1400 PLC. It is developed with extensive manual reverse engineering effort of the underlying proprietary network protocol and the binary Control Logic. Unfortunately, Laddis is not scalable and requires similar efforts to extend on other engineering software/PLCs. The proposed solution, Similo, is based on the observation that engineering software of different vendors are equipped with decompilers. Similo is a virtual-PLC framework that integrates the decompilers with their respective (previously-captured) ICS network traffic of Control Logic. It recovers the binary Logic into a high-level source code (of the programming languages defined by IEC 61131-3 standard) automatically. Similo can work with both proprietary/open protocols without requiring protocol specifications and the binary formats of Control Logic. Thus, it is scalable to different ICS vendors. We evaluate Similo on three PLCs of two ICS vendors, i.e. MicroLogix 1400, MicroLogix 1100, and Modicon M221. These PLCs support proprietary protocols and the Control Logics written in two programming languages: Ladder Logic and Instruction List. The evaluation results show that Similo can accurately reconstruct a Control Logic from an ICS network traffic and can be used to investigate the DEO attacks effectively.
-
DIMVA - Overshadow PLC to Detect Remote Control-Logic Injection Attacks
Detection of Intrusions and Malware and Vulnerability Assessment, 2019Co-Authors: Hyunguk Yoo, Sushma Kalle, Jared M. Smith, Irfan AhmedAbstract:Programmable Logic Controllers (PLCs) in industrial Control systems (ICS) are vulnerable to remote Control Logic injection attacks. Attackers target the Control Logic of a PLC to manipulate the behavior of a physical process such as nuclear plants, power grids, and gas pipelines. Control Logic attacks have been studied extensively in the literature, including hiding the transfer of a Control Logic over the network from both packet header-based signatures, and deep packet inspection. For instance, these attacks transfer a Control Logic code as data, into small fragments (one-byte per packet), that are further padded with noise data. To detect Control Logic in ICS network traffic, this paper presents Shade, a novel shadow memory technique that observes the network traffic to maintain a local copy of the current state of a PLC memory. To analyze the memory contents, Shade employs a classification algorithm with 42 unique features categorized into five types at different semantic levels of a Control Logic code, such as number of rungs, number of consecutive decompiled instructions, and n-grams. We then evaluate Shade against Control Logic injection attacks on two PLCs, Modicon M221 and MicroLogix 1400 from two ICS vendors, Schneider electric and Allen-Bradley, respectively. The evaluation results show that Shade can detect an attack instance (i.e., identifying at least one attack packet during the transfer of a malicious Control Logic) accurately without any false alarms.
-
SEC - Control Logic Injection Attacks on Industrial Control Systems
ICT Systems Security and Privacy Protection, 2019Co-Authors: Hyunguk Yoo, Irfan AhmedAbstract:Remote Control-Logic injection attacks on programmable Logic Controllers (PLCs) impose critical threats to industrial Control system (ICS) environments. For instance, Stuxnet infects the Control Logic of a Siemens S7-300 PLC to sabotage nuclear plants. Several Control Logic injection attacks have been studied in the past. However, they focus on the development and infection of PLC Control Logic and do not consider the stealthy methods of transferring the Logic to a PLC over the network. This paper is the first effort to explore the packet manipulation of Control Logic to achieve stealthiness without modifying PLC firmware to support new (obfuscation) functionality. It presents two new Control Logic injection attacks: (1) Data Execution and (2) Fragmentation and Noise Padding. Data Execution attack subverts signatures (based-on packet-header fields) by transferring Control Logic to the data blocks of a PLC and then, changes the PLC’s system Control flow to execute the attacker’s Logic. Fragmentation and Noise Padding attack subverts deep packet inspection (DPI) by appending a sequence of padding bytes in Control Logic packets while keeping the size of the attacker’s Logic in packet payloads significantly small. We implement the attacks on two industry-scale PLCs of different vendors and demonstrate that these attacks can subvert intrusion detection methods successfully, such as signature-based intrusion detection and Anagram-based DPI. We also release the training and attack datasets to facilitate research in this direction.
-
Overshadow PLC to Detect Remote Control-Logic Injection Attacks
Detection of Intrusions and Malware and Vulnerability Assessment, 2019Co-Authors: Hyunguk Yoo, Sushma Kalle, Jared Smith, Irfan AhmedAbstract:Programmable Logic Controllers (PLCs) in industrial Control systems (ICS) are vulnerable to remote Control Logic injection attacks. Attackers target the Control Logic of a PLC to manipulate the behavior of a physical process such as nuclear plants, power grids, and gas pipelines. Control Logic attacks have been studied extensively in the literature, including hiding the transfer of a Control Logic over the network from both packet header-based signatures, and deep packet inspection. For instance, these attacks transfer a Control Logic code as data, into small fragments (one-byte per packet), that are further padded with noise data. To detect Control Logic in ICS network traffic, this paper presents Shade, a novel shadow memory technique that observes the network traffic to maintain a local copy of the current state of a PLC memory. To analyze the memory contents, Shade employs a classification algorithm with 42 unique features categorized into five types at different semantic levels of a Control Logic code, such as number of rungs, number of consecutive decompiled instructions, and n-grams. We then evaluate Shade against Control Logic injection attacks on two PLCs, Modicon M221 and MicroLogix 1400 from two ICS vendors, Schneider electric and Allen-Bradley, respectively. The evaluation results show that Shade can detect an attack instance (i.e., identifying at least one attack packet during the transfer of a malicious Control Logic) accurately without any false alarms.
Sooyoung Kim - One of the best experts on this subject based on the ideXlab platform.
-
application of Control Logic for optimum indoor thermal environment in buildings with double skin envelope systems
Energy and Buildings, 2014Co-Authors: Jin Woo Moon, Jihyun Lee, Sooyoung KimAbstract:Abstract This study proposes an effective thermal Control method for thermally comfortable and energy-efficient environments in buildings with double skin envelopes. Four rule-based Control Logics and an artificial neural network (ANN)-based Control Logic were developed for the integrated Control of openings and cooling systems in summer. Using numerical computer simulations, the performance of the proposed Control Logics was comparatively tested in terms of thermal performance and energy efficiency. Analysis results imply that the more detailed rules of thermal Control Logic were effective to maintain the indoor temperature conditions within comfortable ranges. The ANN-based predictive and adaptive Control Logic presented its potential as an advanced temperature Control method with an increased temperature comfort period, decreased standard deviation of temperature from the center of the comfortable range, and decreased number and ratio of overshoots and undershoots out of the comfort range. The additional rules embedded for Control Logic or ANN applications yielded a more comfortable temperature environment in an integrated manner according to the properly designed operations of envelope openings and the cooling system. However, Logics with additional rules and ANN models consumed more energy for space cooling. Therefore, the rule-based Controls with advanced Logics or an ANN model are required in case occupant comfort is a primary factor to be satisfied. In other cases, the simple rule-based Logic is effectively applied.
-
development of an artificial neural network model based thermal Control Logic for double skin envelopes in winter
Building and Environment, 2013Co-Authors: Jin Woo Moon, Sung Hoon Yoon, Sooyoung KimAbstract:Abstract This study proposes an Artificial Neural Network (ANN)-based thermal Control method for double skin envelope buildings in winter. A thermal Control Logic for Controlling heating systems and openings on the internal and external envelopes of a double skin building was developed using the ANN-based predictive and adaptive Control model. Employing the predicted values for the future indoor air temperature (i.e., the air temperature rise or drop by the next Control cycle), the Control Logic predetermines the operation of the heating system and the opening conditions of internal and external envelopes of a double skin building. After the parametrical optimization of the initial ANN model, the performance of the optimized ANN model was tested for prediction accuracy and adaptability using the data measured from an actual double-skinned envelope building. The analysis results revealed that the ANN model proved its prediction accuracy and adaptability for the different climate conditions and envelope orientations. The developed Control Logic and model in this study are effectively applied for thermal Control of double skinned envelope buildings.
Jin Woo Moon - One of the best experts on this subject based on the ideXlab platform.
-
application of Control Logic for optimum indoor thermal environment in buildings with double skin envelope systems
Energy and Buildings, 2014Co-Authors: Jin Woo Moon, Jihyun Lee, Sooyoung KimAbstract:Abstract This study proposes an effective thermal Control method for thermally comfortable and energy-efficient environments in buildings with double skin envelopes. Four rule-based Control Logics and an artificial neural network (ANN)-based Control Logic were developed for the integrated Control of openings and cooling systems in summer. Using numerical computer simulations, the performance of the proposed Control Logics was comparatively tested in terms of thermal performance and energy efficiency. Analysis results imply that the more detailed rules of thermal Control Logic were effective to maintain the indoor temperature conditions within comfortable ranges. The ANN-based predictive and adaptive Control Logic presented its potential as an advanced temperature Control method with an increased temperature comfort period, decreased standard deviation of temperature from the center of the comfortable range, and decreased number and ratio of overshoots and undershoots out of the comfort range. The additional rules embedded for Control Logic or ANN applications yielded a more comfortable temperature environment in an integrated manner according to the properly designed operations of envelope openings and the cooling system. However, Logics with additional rules and ANN models consumed more energy for space cooling. Therefore, the rule-based Controls with advanced Logics or an ANN model are required in case occupant comfort is a primary factor to be satisfied. In other cases, the simple rule-based Logic is effectively applied.
-
development of an artificial neural network model based thermal Control Logic for double skin envelopes in winter
Building and Environment, 2013Co-Authors: Jin Woo Moon, Sung Hoon Yoon, Sooyoung KimAbstract:Abstract This study proposes an Artificial Neural Network (ANN)-based thermal Control method for double skin envelope buildings in winter. A thermal Control Logic for Controlling heating systems and openings on the internal and external envelopes of a double skin building was developed using the ANN-based predictive and adaptive Control model. Employing the predicted values for the future indoor air temperature (i.e., the air temperature rise or drop by the next Control cycle), the Control Logic predetermines the operation of the heating system and the opening conditions of internal and external envelopes of a double skin building. After the parametrical optimization of the initial ANN model, the performance of the optimized ANN model was tested for prediction accuracy and adaptability using the data measured from an actual double-skinned envelope building. The analysis results revealed that the ANN model proved its prediction accuracy and adaptability for the different climate conditions and envelope orientations. The developed Control Logic and model in this study are effectively applied for thermal Control of double skinned envelope buildings.
D. W. Childs - One of the best experts on this subject based on the ideXlab platform.
-
Optimal direction-cosine attitude-Control Logic for spin-stabilized axisymmetric spacecraft
2011Co-Authors: D. W. ChildsAbstract:Optimal direction-cosine attitude Control Logic for spin stabilized axisymmetric spacecraft
Jacob Savir - One of the best experts on this subject based on the ideXlab platform.
-
Random pattern testability of memory Control Logic
IEEE Transactions on Computers, 1998Co-Authors: Jacob SavirAbstract:This paper analyzes the random pattern testability of faults in the Control Logic of an embedded memory. We show how to compute exposure probabilities of these faults using mostly signal probability computations. We also show that the hardest memory Control Logic fault to detect is not necessarily the one with the lowest detection probability at the memory boundary.
-
VTS - Random pattern testability of memory Control Logic
Proceedings. 15th IEEE VLSI Test Symposium (Cat. No.97TB100125), 1Co-Authors: Jacob SavirAbstract:This paper analyzes the random pattern testability of faults in the Control Logic of an embedded memory. We show how to compute exposure probabilities of these faults using mostly signal probability computations. We also show that the hardest memory Control Logic fault to detect is not necessarily the one with the lowest detection probability at the memory boundary.
