Team for Research in
Ubiquitous Secure Technology

Using Deception to Facilitate Intrusion Detection in Nuclear Power Plants
Julian L. Rrushi, Roy Campbell

Citation
Julian L. Rrushi, Roy Campbell. "Using Deception to Facilitate Intrusion Detection in Nuclear Power Plants". 3rd International Conference on Information Warfare and Security, William Mahoney, Peter Kiewit Institute, University of Nebraska, Omaha, USA; Edwin Leigh Armistead, Edith Cowan University, Australia (eds.), Peter Kiewit Institute, University of Nebraska Omaha, USA, April, 2008.

Abstract
In this paper we propose reactor mirage theory as a deception-based intrusion detection approach for digital I&C systems in nuclear power plants (NPPs). We draw from military deception techniques based on simulation of physical targets such as troops, radar-equipped air defense installations, tanks, bridges, airfields, etc. We propose the employment of genuine digital I&C systems to simulate physical components of a NPP via generation of Modbus protocol data units (PDUs) typical to the operation of these components. Communicating finite state machines are used to generate and recognize such deceptive PDUs. Artificially generated Modbus traffic is the reactor mirage theory counterpart of electromagnetic beam reflections, heat emitters, etc., commonly used as deceptive mechanisms by the military in warfare to indicate the existence of physical targets. These deceptive PDUs produce a drastic incrementation of the uncertainty which attackers may be subject to during the selection of target NPP components they plan to hit, hence increase by a high order of magnitude the probability of detection of attacks on NPP components.

Electronic downloads

Citation formats  
  • HTML
    Julian L. Rrushi, Roy Campbell. <a
    href="http://www.truststc.org/pubs/409.html"
    >Using Deception to Facilitate Intrusion Detection in
    Nuclear Power Plants</a>, 3rd International Conference
    on Information Warfare and Security, William Mahoney, Peter
    Kiewit Institute, University  of Nebraska, Omaha, USA; Edwin
    Leigh Armistead, Edith Cowan University, Australia (eds.),
    Peter Kiewit Institute, University of Nebraska Omaha, USA,
    April, 2008.
  • Plain text
    Julian L. Rrushi, Roy Campbell. "Using Deception to
    Facilitate Intrusion Detection in Nuclear Power
    Plants". 3rd International Conference on Information
    Warfare and Security, William Mahoney, Peter Kiewit
    Institute, University  of Nebraska, Omaha, USA; Edwin Leigh
    Armistead, Edith Cowan University, Australia (eds.), Peter
    Kiewit Institute, University of Nebraska Omaha, USA, April,
    2008.
  • BibTeX
    @inproceedings{RrushiCampbell08_UsingDeceptionToFacilitateIntrusionDetectionInNuclear,
        author = {Julian L. Rrushi and Roy Campbell},
        title = {Using Deception to Facilitate Intrusion Detection
                  in Nuclear Power Plants},
        booktitle = {3rd International Conference on Information
                  Warfare and Security},
        editor = {William Mahoney, Peter Kiewit Institute,
                  University  of Nebraska, Omaha, USA; Edwin Leigh
                  Armistead, Edith Cowan University, Australia},
        organization = {Peter Kiewit Institute, University of Nebraska
                  Omaha, USA},
        month = {April},
        year = {2008},
        abstract = {In this paper we propose reactor mirage theory as
                  a deception-based intrusion detection approach for
                  digital I\&C systems in nuclear power plants
                  (NPPs). We draw from military deception techniques
                  based on simulation of physical targets such as
                  troops, radar-equipped air defense installations,
                  tanks, bridges, airfields, etc. We propose the
                  employment of genuine digital I\&C systems to
                  simulate physical components of a NPP via
                  generation of Modbus protocol data units (PDUs)
                  typical to the operation of these components.
                  Communicating finite state machines are used to
                  generate and recognize such deceptive PDUs.
                  Artificially generated Modbus traffic is the
                  reactor mirage theory counterpart of
                  electromagnetic beam reflections, heat emitters,
                  etc., commonly used as deceptive mechanisms by the
                  military in warfare to indicate the existence of
                  physical targets. These deceptive PDUs produce a
                  drastic incrementation of the uncertainty which
                  attackers may be subject to during the selection
                  of target NPP components they plan to hit, hence
                  increase by a high order of magnitude the
                  probability of detection of attacks on NPP
                  components. },
        URL = {http://www.truststc.org/pubs/409.html}
    }
    

Posted by Julian L. Rrushi on 10 Jun 2008.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.