Industrial Control Devices are one of the major targets for hackers due to their exposure to threats. The principle of “air gaps” (disconnecting the Industrial Control Network from the operational networks) is not anymore feasible in a connected world. In this paper, a host anomaly detection system for Critical Infrastructures networks is presented. The device, called Smart Extension, also implements a filtering strategy in order to secure a single host reacting to cyber threats. Therefore, it is positioned in the network between PLC (Programmable Logic Controller) and the SCADA (Supervisory Control and Data Acquisition) control centre, more precisely just in front of the PLC. Finally, experimental results are shown in order to explain the internal working procedures in a possible case study.
Colelli, R., Foglietta, C., Panzieri, S., & Pascucci, F. (2020). The Smart Extension approach for securing industrial control systems. In IFAC-PapersOnLine (pp.11207-11212). RADARWEG 29, 1043 NX AMSTERDAM, NETHERLANDS : Elsevier B.V. [10.1016/j.ifacol.2020.12.321].