Industrial Control Systems (ICS) often lack device-level authentication, making them vulnerable to unauthorized access to Programmable Logic Controllers (PLCs). To address this challenge, we propose a lightweight hybrid fingerprinting method, Timing-based Device Fingerprinting (TIDF), for detecting unauthorized PLCs based on communication processing time and clock pulse period. TIDF leverages stable ICS network conditions and inherent PLC hardware characteristics, and integrates these features into a unified system consisting of filtering, training, and anomaly detection modules. By employing Density-Based Spatial Clustering of Applications with Noise (DBSCAN) and One-Class Support Vector Machine (OCSVM), TIDF achieves accurate and efficient classification with low overhead. We evaluate TIDF on real-world data from 13 PLCs, including Siemens and Xinje, and further test its robustness against basic forgery attempts. The results show an anomaly detection rate of 96%, demonstrating the effectiveness of TIDF in detecting unauthorized device access attacks and enhancing ICS security.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

TIDF: Timing-Based Device Fingerprinting for PLCs

  • Lei Xiang,
  • Hao Han

摘要

Industrial Control Systems (ICS) often lack device-level authentication, making them vulnerable to unauthorized access to Programmable Logic Controllers (PLCs). To address this challenge, we propose a lightweight hybrid fingerprinting method, Timing-based Device Fingerprinting (TIDF), for detecting unauthorized PLCs based on communication processing time and clock pulse period. TIDF leverages stable ICS network conditions and inherent PLC hardware characteristics, and integrates these features into a unified system consisting of filtering, training, and anomaly detection modules. By employing Density-Based Spatial Clustering of Applications with Noise (DBSCAN) and One-Class Support Vector Machine (OCSVM), TIDF achieves accurate and efficient classification with low overhead. We evaluate TIDF on real-world data from 13 PLCs, including Siemens and Xinje, and further test its robustness against basic forgery attempts. The results show an anomaly detection rate of 96%, demonstrating the effectiveness of TIDF in detecting unauthorized device access attacks and enhancing ICS security.