Title
PLC-SEIFF: A programmable logic controller security incident forensics framework based on automatic construction of security constraints
Abstract
Over the past two decades, as SCADA systems have been connected to corporate networks or the Internet, programmable logic controllers (PLCs), which control and monitor physical industrial and infrastructure processes in industrial control networks, have suffered large-scale and catastrophic network attacks, owing to their crucial role and safety characteristics. However, the PLC’s inferior computing power, restricted storage capacity, “scan-cycle” operating mode, and client’s violent private demand have made it challenging to find a forensics framework able to reduce the storage requirement and markedly enhance practicality and robustness. To address these challenges, this paper establishes an attack model against PLCs from the viewpoint of security incident forensics and proposes a PLC security incident forensics framework named PLC-SEIFF. The framework implements the automatic construction of security constraint rules from the PLC control logic STL program, and the filtering and identification of irrelevant incident records by correlation analysis on the basis of multi-source data.
Year: 2020
DOI: 10.1016/j.cose.2020.101749
Venue: Computers & Security
Keywords: PLC, Security incidents, Security constraints, Control logic program, Forensics
DocType: Journal
Volume: 92
ISSN: 0167-4048
Citations: 1
PageRank: 0.40
References: 28
Authors: 6
Name | Order | Citations | PageRank
Lijuan Xu | 1 | 7 | 3.64
Bailing Wang | 2 | 5 | 6.94
Lianhai Wang | 3 | 41 | 10.98
Dawei Zhao | 4 | 193 | 20.38
Xiaohui Han | 5 | 17 | 5.41
Shumian Yang | 6 | 2 | 1.08