Using Deception to Facilitate Intrusion Detection in Nuclear Power Plants

Using Deception to Facilitate Intrusion Detection in Nuclear Power Plants
Julian L. Rrushi, Roy Campbell

Citation
Julian L. Rrushi, Roy Campbell. "Using Deception to Facilitate Intrusion Detection in Nuclear Power Plants". 3rd International Conference on Information Warfare and Security, William Mahoney, Peter Kiewit Institute, University of Nebraska, Omaha, USA; Edwin Leigh Armistead, Edith Cowan University, Australia (eds.), Peter Kiewit Institute, University of Nebraska Omaha, USA, April, 2008.

Abstract
In this paper we propose reactor mirage theory as a deception-based intrusion detection approach for digital I&C systems in nuclear power plants (NPPs). We draw from military deception techniques based on simulation of physical targets such as troops, radar-equipped air defense installations, tanks, bridges, airfields, etc. We propose the employment of genuine digital I&C systems to simulate physical components of a NPP via generation of Modbus protocol data units (PDUs) typical to the operation of these components. Communicating finite state machines are used to generate and recognize such deceptive PDUs. Artificially generated Modbus traffic is the reactor mirage theory counterpart of electromagnetic beam reflections, heat emitters, etc., commonly used as deceptive mechanisms by the military in warfare to indicate the existence of physical targets. These deceptive PDUs produce a drastic incrementation of the uncertainty which attackers may be subject to during the selection of target NPP components they plan to hit, hence increase by a high order of magnitude the probability of detection of attacks on NPP components.

Electronic downloads

ICIW-RMT-JRrushi-RCampbell.pdf · application/pdf · 343 kbytes

Citation formats

HTML

Julian L. Rrushi, Roy Campbell. <a
href="http://www.truststc.org/pubs/409.html"
>Using Deception to Facilitate Intrusion Detection in
Nuclear Power Plants</a>, 3rd International Conference
on Information Warfare and Security, William Mahoney, Peter
Kiewit Institute, University  of Nebraska, Omaha, USA; Edwin
Leigh Armistead, Edith Cowan University, Australia (eds.),
Peter Kiewit Institute, University of Nebraska Omaha, USA,
April, 2008.

Plain text

Julian L. Rrushi, Roy Campbell. "Using Deception to
Facilitate Intrusion Detection in Nuclear Power
Plants". 3rd International Conference on Information
Warfare and Security, William Mahoney, Peter Kiewit
Institute, University  of Nebraska, Omaha, USA; Edwin Leigh
Armistead, Edith Cowan University, Australia (eds.), Peter
Kiewit Institute, University of Nebraska Omaha, USA, April,
2008.

BibTeX

@inproceedings{RrushiCampbell08_UsingDeceptionToFacilitateIntrusionDetectionInNuclear,
    author = {Julian L. Rrushi and Roy Campbell},
    title = {Using Deception to Facilitate Intrusion Detection
              in Nuclear Power Plants},
    booktitle = {3rd International Conference on Information
              Warfare and Security},
    editor = {William Mahoney, Peter Kiewit Institute,
              University  of Nebraska, Omaha, USA; Edwin Leigh
              Armistead, Edith Cowan University, Australia},
    organization = {Peter Kiewit Institute, University of Nebraska
              Omaha, USA},
    month = {April},
    year = {2008},
    abstract = {In this paper we propose reactor mirage theory as
              a deception-based intrusion detection approach for
              digital I\&C systems in nuclear power plants
              (NPPs). We draw from military deception techniques
              based on simulation of physical targets such as
              troops, radar-equipped air defense installations,
              tanks, bridges, airfields, etc. We propose the
              employment of genuine digital I\&C systems to
              simulate physical components of a NPP via
              generation of Modbus protocol data units (PDUs)
              typical to the operation of these components.
              Communicating finite state machines are used to
              generate and recognize such deceptive PDUs.
              Artificially generated Modbus traffic is the
              reactor mirage theory counterpart of
              electromagnetic beam reflections, heat emitters,
              etc., commonly used as deceptive mechanisms by the
              military in warfare to indicate the existence of
              physical targets. These deceptive PDUs produce a
              drastic incrementation of the uncertainty which
              attackers may be subject to during the selection
              of target NPP components they plan to hit, hence
              increase by a high order of magnitude the
              probability of detection of attacks on NPP
              components. },
    URL = {http://www.truststc.org/pubs/409.html}
}

Posted by Julian L. Rrushi on 10 Jun 2008.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.