Processing

Please wait...

Settings

Settings

Goto Application

1. WO2022015246 - METHOD AND SYSTEM FOR CHARACTERISING A PROGRAMMABLE LOGIC CONTROLLER (PLC) AND/OR ATTACK DETECTION IN A NETWORKED CONTROL SYSTEM

Publication Number WO/2022/015246
Publication Date 20.01.2022
International Application No. PCT/SG2021/050415
International Filing Date 15.07.2021
IPC
G05B 19/05 2006.1
GPHYSICS
05CONTROLLING; REGULATING
BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
19Programme-control systems
02electric
04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
05Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
G06F 21/57 2013.1
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
H04L 12/00 2006.1
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
12Data switching networks
G06N 20/00 2019.1
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
NCOMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
20Machine learning
CPC
G05B 19/05
GPHYSICS
05CONTROLLING; REGULATING
BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
19Programme-control systems
02electric
04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
05Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
G06F 21/554
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
554involving event detection and direct action
G06N 20/10
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
NCOMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
20Machine learning
10using kernel methods, e.g. support vector machines [SVM]
H04L 12/00
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
12Data switching networks
H04L 63/1425
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
14for detecting or protecting against malicious traffic
1408by monitoring network traffic
1425Traffic logging, e.g. anomaly detection
Applicants
  • SINGAPORE UNIVERSITY OF TECHNOLOGY AND DESIGN [SG]/[SG]
Inventors
  • AHMED, Chuadhry Mujeeb
  • ZHOU, Jianying
Agents
  • VIERING, JENTSCHURA & PARTNER LLP
Priority Data
10202006737U15.07.2020SG
Publication Language English (en)
Filing Language English (EN)
Designated States
Title
(EN) METHOD AND SYSTEM FOR CHARACTERISING A PROGRAMMABLE LOGIC CONTROLLER (PLC) AND/OR ATTACK DETECTION IN A NETWORKED CONTROL SYSTEM
(FR) PROCÉDÉ ET SYSTÈME POUR CARACTÉRISER UN AUTOMATE PROGRAMMABLE INDUSTRIEL (API) ET/OU UNE DÉTECTION D'ATTAQUE DANS UN SYSTÈME DE COMMANDE EN RÉSEAU
Abstract
(EN) There is provided a method of characterising a programmable logic controller (PLC) in a networked control system. The networked control system includes a plurality of programmable logic controllers (PLCs), including the above-mentioned PLC, and a communication network layer based on which the plurality of PLCs communicate with each other. The method includes: obtaining network traffic data from the communication network layer; determining scan cycle related timing profile information associated with the PLC based on the network traffic data obtained; and generating characterising information associated with the PLC based on the determined scan cycle related timing profile information for characterising the PLC. There is also provided a corresponding method of attack detection in the networked control system, including detecting whether the networked control system is subject to an attack in relation to the PLC based on second characterising information associated with the PLC and reference characterising information associated with the PLC. There is further provided a corresponding system for characterising a PLC and/or attack detection in a networked control system.
(FR) L'invention concerne un procédé de caractérisation d'un automate programmable industriel (API) dans un système de commande en réseau. Le système de commande en réseau comprend plusieurs automates programmables industriels (API), comprenant l'API mentionné ci-dessus et une couche de réseau de communication sur la base de laquelle les multiples API communiquent les uns avec les autres. Le procédé consiste : à obtenir des données de trafic de réseau à partir de la couche de réseau de communication; à déterminer des informations de profil de synchronisation liées au cycle de balayage associées à l'API sur la base des données de trafic de réseau obtenues; et à générer des informations de caractérisation associées à l'API sur la base des informations de profil de synchronisation liées au cycle de balayage déterminées pour caractériser l'API. L'invention concerne également un procédé correspondant de détection d'attaque dans le système de commande en réseau, consistant à détecter si le système de commande en réseau est soumis à une attaque par rapport à l'API sur la base de secondes informations de caractérisation associées à l'API et à des informations de caractérisation de référence associées à l'API. L'invention concerne en outre un système correspondant pour caractériser un API et/ou une détection d'attaque dans un système de commande en réseau.
Latest bibliographic data on file with the International Bureau