FingerCI

Cyber-physical attacks on critical infrastructures (CI) or industrial control systems (ICS) can compromise the integrity and operability of physical systems, potentially damaging critical facilities. Specification-based Intrusion Detection Systems (IDSs) can detect those attacks but often require an accurate specification of the monitored ICS, which is often a deterrent to their usage. This paper presents FingerCI, a solution to automatically generate a model of an ICS, which we name a fingerprint, based on network traffic inspection, business process discovery, and physical behaviour analysis. An airport baggage handling system testbed shows that the fingerprints can be used to configure specification-based IDS with high accuracy results, reducing the amount of effort required to use that detection approach.