Using deception to facilitate intrusion detection in nuclear power plants

Julian Rushi, Roy Campbell

Research output: Contribution to conferencePaper

Abstract

In this paper we propose reactor mirage theory as a deception-based intrusion detection approach for digital I&C systems in nuclear power plants (NPPs). We draw from military deception techniques based on simulation of physical targets such as troops, radar-equipped air defense installations, tanks, bridges, airfields, etc. We propose the employment of genuine digital I&C systems to simulate physical components of a NPP via generation of Modbus protocol data units (PDUs) typical to the operation of these components. Communicating finite state machines are used to generate and recognize such deceptive PDUs. Artificially generated Modbus traffic is the reactor mirage theory counterpart of electromagnetic beam reflections, heat emitters, etc., commonly used as deceptive mechanisms by the military in warfare to indicate the existence of physical targets. These deceptive PDUs produce a drastic incrementation of the uncertainty which attackers may be subject to during the selection of target NPP components they plan to hit, hence increase by a high order of magnitude the probability of detection of attacks on NPP components.

Original languageEnglish (US)
Pages315-324
Number of pages10
StatePublished - Jan 1 2008
Event3rd International Conference on Information Warfare and Security, ICIW 2008 - Omaha, NE, United States
Duration: Apr 24 2008Apr 25 2008

Other

Other3rd International Conference on Information Warfare and Security, ICIW 2008
CountryUnited States
CityOmaha, NE
Period4/24/084/25/08

Fingerprint

Intrusion detection
Nuclear power plants
Network protocols
Military operations
Finite automata
Radar
Air

Keywords

  • Digital I&C systems
  • Intrusion detection
  • MILDEC
  • Nuclear power plants
  • Reactor mirage theory
  • Signal detection theory

ASJC Scopus subject areas

  • Information Systems
  • Safety, Risk, Reliability and Quality

Cite this

Rushi, J., & Campbell, R. (2008). Using deception to facilitate intrusion detection in nuclear power plants. 315-324. Paper presented at 3rd International Conference on Information Warfare and Security, ICIW 2008, Omaha, NE, United States.

Using deception to facilitate intrusion detection in nuclear power plants. / Rushi, Julian; Campbell, Roy.

2008. 315-324 Paper presented at 3rd International Conference on Information Warfare and Security, ICIW 2008, Omaha, NE, United States.

Research output: Contribution to conferencePaper

Rushi, J & Campbell, R 2008, 'Using deception to facilitate intrusion detection in nuclear power plants', Paper presented at 3rd International Conference on Information Warfare and Security, ICIW 2008, Omaha, NE, United States, 4/24/08 - 4/25/08 pp. 315-324.
Rushi J, Campbell R. Using deception to facilitate intrusion detection in nuclear power plants. 2008. Paper presented at 3rd International Conference on Information Warfare and Security, ICIW 2008, Omaha, NE, United States.
Rushi, Julian ; Campbell, Roy. / Using deception to facilitate intrusion detection in nuclear power plants. Paper presented at 3rd International Conference on Information Warfare and Security, ICIW 2008, Omaha, NE, United States.10 p.
@conference{01508b207ac24f099080bc8a6b4ef2fc,
title = "Using deception to facilitate intrusion detection in nuclear power plants",
abstract = "In this paper we propose reactor mirage theory as a deception-based intrusion detection approach for digital I&C systems in nuclear power plants (NPPs). We draw from military deception techniques based on simulation of physical targets such as troops, radar-equipped air defense installations, tanks, bridges, airfields, etc. We propose the employment of genuine digital I&C systems to simulate physical components of a NPP via generation of Modbus protocol data units (PDUs) typical to the operation of these components. Communicating finite state machines are used to generate and recognize such deceptive PDUs. Artificially generated Modbus traffic is the reactor mirage theory counterpart of electromagnetic beam reflections, heat emitters, etc., commonly used as deceptive mechanisms by the military in warfare to indicate the existence of physical targets. These deceptive PDUs produce a drastic incrementation of the uncertainty which attackers may be subject to during the selection of target NPP components they plan to hit, hence increase by a high order of magnitude the probability of detection of attacks on NPP components.",
keywords = "Digital I&C systems, Intrusion detection, MILDEC, Nuclear power plants, Reactor mirage theory, Signal detection theory",
author = "Julian Rushi and Roy Campbell",
year = "2008",
month = "1",
day = "1",
language = "English (US)",
pages = "315--324",
note = "3rd International Conference on Information Warfare and Security, ICIW 2008 ; Conference date: 24-04-2008 Through 25-04-2008",

}

TY - CONF

T1 - Using deception to facilitate intrusion detection in nuclear power plants

AU - Rushi, Julian

AU - Campbell, Roy

PY - 2008/1/1

Y1 - 2008/1/1

N2 - In this paper we propose reactor mirage theory as a deception-based intrusion detection approach for digital I&C systems in nuclear power plants (NPPs). We draw from military deception techniques based on simulation of physical targets such as troops, radar-equipped air defense installations, tanks, bridges, airfields, etc. We propose the employment of genuine digital I&C systems to simulate physical components of a NPP via generation of Modbus protocol data units (PDUs) typical to the operation of these components. Communicating finite state machines are used to generate and recognize such deceptive PDUs. Artificially generated Modbus traffic is the reactor mirage theory counterpart of electromagnetic beam reflections, heat emitters, etc., commonly used as deceptive mechanisms by the military in warfare to indicate the existence of physical targets. These deceptive PDUs produce a drastic incrementation of the uncertainty which attackers may be subject to during the selection of target NPP components they plan to hit, hence increase by a high order of magnitude the probability of detection of attacks on NPP components.

AB - In this paper we propose reactor mirage theory as a deception-based intrusion detection approach for digital I&C systems in nuclear power plants (NPPs). We draw from military deception techniques based on simulation of physical targets such as troops, radar-equipped air defense installations, tanks, bridges, airfields, etc. We propose the employment of genuine digital I&C systems to simulate physical components of a NPP via generation of Modbus protocol data units (PDUs) typical to the operation of these components. Communicating finite state machines are used to generate and recognize such deceptive PDUs. Artificially generated Modbus traffic is the reactor mirage theory counterpart of electromagnetic beam reflections, heat emitters, etc., commonly used as deceptive mechanisms by the military in warfare to indicate the existence of physical targets. These deceptive PDUs produce a drastic incrementation of the uncertainty which attackers may be subject to during the selection of target NPP components they plan to hit, hence increase by a high order of magnitude the probability of detection of attacks on NPP components.

KW - Digital I&C systems

KW - Intrusion detection

KW - MILDEC

KW - Nuclear power plants

KW - Reactor mirage theory

KW - Signal detection theory

UR - http://www.scopus.com/inward/record.url?scp=84878712957&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84878712957&partnerID=8YFLogxK

M3 - Paper

AN - SCOPUS:84878712957

SP - 315

EP - 324

ER -