Abstract
Cyber-physical manufacturing system is the vision of future manufacturing systems where physical components are fully integrated through various networks and the Internet. The integration enables the access to computation resources that can improve efficiency, sustainability and cost-effectiveness. However, its openness and connectivity also enlarge the attack surface for cyber-attacks and cyber-physical attacks. A critical challenge in defending those attacks is that current intrusion detection methods cannot timely detect cyber-physical attacks. Studies showed that the physical detection provides a higher accuracy and a shorter respond time compared to network-based or host-based intrusion detection systems. Moreover, alert correlation and management methods help reducing the number of alerts and identifying the root cause of the attack.
In this paper, the intrusion detection research relevant to cyber-physical manufacturing security is reviewed. The physical detection methods — using side-channel data, including acoustic, image, acceleration, and power consumption data to disclose attacks during the manufacturing process — are analyzed. Finally, the alert correlation methods — that manage the high volume of alerts generated from intrusion detection systems via logical relationships to reduce the data redundancy and false alarms — are reviewed. The study show that the cyber-physical attacks are existing and rising concerns in industry. Also, the increasing efforts in cyber-physical intrusion detection and correlation research can be utilized to secure the future manufacturing systems.
Alert correlation in a cooperative intrusion detection framework