TY - GEN
T1 - ICSML
T2 - 9th ACM ASIA Conference on Cyber-Physical System Security Workshop, CPSS 2023
AU - Doumanidis, Constantine
AU - Rajput, Prashant Hari Narayan
AU - Maniatakos, Michail
N1 - Publisher Copyright:
© 2023 ACM.
PY - 2023/7/10
Y1 - 2023/7/10
N2 - Industrial Control Systems (ICS) have played a catalytic role in enabling the 4th Industrial Revolution. ICS devices like Programmable Logic Controllers (PLCs), automate, monitor, and control critical processes in industrial, energy, and commercial environments. The convergence of traditional Operational Technology (OT) with Information Technology (IT) has opened a new and unique threat landscape. This has inspired defense research that focuses heavily on Machine Learning (ML) based anomaly detection methods that run on external IT hardware, which means an increase in costs and the further expansion of the threat landscape. To remove this requirement, we introduce the ICS machine learning inference framework (ICSML) which enables executing ML model inference natively on the PLC. ICSML is implemented in IEC 61131-3 code and provides several optimizations to bypass the limitations imposed by the domain-specific languages. Therefore, it works on every PLC without the need for vendor support. ICSML provides a complete set of components for creating full ML models similarly to established ML frameworks. We run a series of benchmarks studying memory and performance, and compare our solution to the TFLite inference framework. At the same time, we develop domain-specific model optimizations to improve the efficiency of ICSML. To demonstrate the abilities of ICSML, we evaluate a case study of a real defense for process-aware attacks targeting a desalination plant.
AB - Industrial Control Systems (ICS) have played a catalytic role in enabling the 4th Industrial Revolution. ICS devices like Programmable Logic Controllers (PLCs), automate, monitor, and control critical processes in industrial, energy, and commercial environments. The convergence of traditional Operational Technology (OT) with Information Technology (IT) has opened a new and unique threat landscape. This has inspired defense research that focuses heavily on Machine Learning (ML) based anomaly detection methods that run on external IT hardware, which means an increase in costs and the further expansion of the threat landscape. To remove this requirement, we introduce the ICS machine learning inference framework (ICSML) which enables executing ML model inference natively on the PLC. ICSML is implemented in IEC 61131-3 code and provides several optimizations to bypass the limitations imposed by the domain-specific languages. Therefore, it works on every PLC without the need for vendor support. ICSML provides a complete set of components for creating full ML models similarly to established ML frameworks. We run a series of benchmarks studying memory and performance, and compare our solution to the TFLite inference framework. At the same time, we develop domain-specific model optimizations to improve the efficiency of ICSML. To demonstrate the abilities of ICSML, we evaluate a case study of a real defense for process-aware attacks targeting a desalination plant.
KW - anomaly detection
KW - framework
KW - industrial control systems
KW - machine learning
UR - http://www.scopus.com/inward/record.url?scp=85167946471&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85167946471&partnerID=8YFLogxK
U2 - 10.1145/3592538.3594272
DO - 10.1145/3592538.3594272
M3 - Conference contribution
AN - SCOPUS:85167946471
T3 - CPSS 2023 - Proceedings of the 9th ACM ASIA Conference on Cyber-Physical System Security Workshop
SP - 60
EP - 71
BT - CPSS 2023 - Proceedings of the 9th ACM ASIA Conference on Cyber-Physical System Security Workshop
PB - Association for Computing Machinery, Inc
Y2 - 10 July 2023
ER -