Cases have occurred in which advanced cyber-attacks have penetrated control systems to issue commands that pretend to be normal and are highly indistinguishable from real commands. Existing detection methods that compare incoming traffic with known suspicious patterns can fail to detect such attacks. Comparison with the enormous volume of known suspicious patterns can take time and cause control system operations to fail.
Mitsubishi Electric observed that normal control-system traffic in critical infrastructure differs if the system is operating, not operating or under maintenance, so the new technology uses different detection rules for each operational state. With cyber-attacks continuing to increase, it takes an enormous amount of time to generate suspicious patterns and search for matches. But normal commands in control systems are limited, so the rules can be limited, which enables Mitsubishi Electric's new technology to search for matches quickly and detect attacks while preserving the real-time operation of control systems. The company evaluated the processing time of attack detection for the control system under our consideration. The evaluation revealed that the new technology only takes 0.04 ms, compared to 2.44 ms for an existing technology, while the real-time requirement is 1.44 ms.

Mitsubishi Electric Corporation published this content on 17 May 2017 and is solely responsible for the information contained herein.
Distributed by Public, unedited and unaltered, on 17 May 2017 02:02:25 UTC.

Original documenthttp://www.mitsubishielectric.com/news/2017/0517.html

Public permalinkhttp://www.publicnow.com/view/096A2529A7159329FF64325B487F0E4508A6D67A