Open Access
ARTICLE
Programmable Logic Controller Block Monitoring System for Memory Attack Defense in Industrial Control Systems
1 Department of Information Security, Gachon University, Seongnam, 13120, Korea
2 Police Science Institute, Korean National Police University, Asan, 31539, Korea
3 Department of Computer Engineering, Gachon University, Seongnam, 13120, Korea
* Corresponding Author: Jung Taek Seo. Email:
(This article belongs to the Special Issue: Cybersecurity for Cyber-attacks in Critical Applications in Industry)
Computers, Materials & Continua 2023, 77(2), 2427-2442. https://doi.org/10.32604/cmc.2023.041774
Received 05 May 2023; Accepted 05 September 2023; Issue published 29 November 2023
Abstract
Cyberattacks targeting industrial control systems (ICS) are becoming more sophisticated and advanced than in the past. A programmable logic controller (PLC), a core component of ICS, controls and monitors sensors and actuators in the field. However, PLC has memory attack threats such as program injection and manipulation, which has long been a major target for attackers, and it is important to detect these attacks for ICS security. To detect PLC memory attacks, a security system is required to acquire and monitor PLC memory directly. In addition, the performance impact of the security system on the PLC makes it difficult to apply to the ICS. To address these challenges, this paper proposes a system to detect PLC memory attacks by continuously acquiring and monitoring PLC memory. The proposed system detects PLC memory attacks by acquiring the program blocks and block information directly from the same layer as the PLC and then comparing them in bytes with previous data. Experiments with Siemens S7-300 and S7-400 PLC were conducted to evaluate the PLC memory detection performance and performance impact on PLC. The experimental results demonstrate that the proposed system detects all malicious organization block (OB) injection and data block (DB) manipulation, and the increment of PLC cycle time, the impact on PLC performance, was less than 1 ms. The proposed system detects PLC memory attacks with a simpler detection method than earlier studies. Furthermore, the proposed system can be applied to ICS with a small performance impact on PLC.Keywords
Cite This Article
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.