A multi-layered embedded intrusion detection framework for programmable logic controllers

• URL: http://arxiv.org/abs/2510.07171v1
• Date: Wed, 08 Oct 2025 16:12:02 GMT
• Title: A multi-layered embedded intrusion detection framework for programmable logic controllers
• Authors: Rishabh Das. Aaron Werth, Tommy Morris,
• Abstract summary: This research presents an embedded intrusion detection system that runs inside the controller and uses header-level telemetry to detect and respond to network attacks.<n>The proposed architecture provides a multi-layer embedded security that meets the real-time requirements of an industrial system.
• Score: 0.0
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Industrial control system (ICS) operations use trusted endpoints like human machine interfaces (HMIs) and workstations to relay commands to programmable logic controllers (PLCs). Because most PLCs lack layered defenses, compromise of a trusted endpoint can drive unsafe actuator commands and risk safety-critical operation. This research presents an embedded intrusion detection system that runs inside the controller and uses header-level telemetry to detect and respond to network attacks. The system combines a semi-supervised anomaly detector and a supervised attack classifier. We evaluate the approach on a midstream oil-terminal testbed using three datasets collected during tanker-truck loading. The anomaly detector achieves zero missed attacks, corresponding to 0.998 Matthews correlation. The supervised stage attains 97.37 percent hold-out accuracy and 97.03 percent external accuracy. The embedded design adds a median of 2,031 microseconds of end-to-end latency and does not impact PLC's cycle time. The proposed architecture provides a multi-layer embedded security that meets the real-time requirements of an industrial system.

Related papers

• Detecting Object Tracking Failure via Sequential Hypothesis Testing [80.7891291021747]
  Real-time online object tracking in videos constitutes a core task in computer vision.<n>We propose interpreting object tracking as a sequential hypothesis test, wherein evidence for or against tracking failures is gradually accumulated over time.<n>We propose both supervised and unsupervised variants by leveraging either ground-truth or solely internal tracking information.
  arXiv  Detail & Related papers  (2026-02-13T14:57:15Z)
• A PUF-Based Security Framework for Fault and Intrusion Detection [0.0]
  This research presents a hardware-root-of-trust that embeds a Physically Unclonable Function (PUF) at the measurement layer to authenticate sensor readings.<n>The architecture combines voltage fingerprinting with a temporal authentication that integrates with standard industrial control system architecture.
  arXiv  Detail & Related papers  (2026-01-25T02:36:08Z)
• Decentralized Multi-Agent Swarms for Autonomous Grid Security in Industrial IoT: A Consensus-based Approach [0.0]
  DMAS agents communicate via a lightweight peer-to-peer protocol to cooperatively detect anomalous behavior.<n>Agents vote on the threat level of an identified threat, enabling instant quarantine of a compromised node or nodes.<n> DMAS demonstrated sub-millisecond response times, 97.3% accuracy in detecting malicious activity under high load, and 87% accuracy in detecting zero-day attacks.
  arXiv  Detail & Related papers  (2026-01-24T04:25:36Z)
• Towards a Multi-Layer Defence Framework for Securing Near-Real-Time Operations in Open RAN [4.240433132593161]
  Securing the near-real-time (near-RT) control operations in Open Radio Access Networks (Open RAN) is increasingly critical.<n>New runtime threats target the control loop while the system is operational.<n>We propose a multi-layer defence framework designed to enhance the security of near-RT RAN Intelligent Controller (RIC) operations.
  arXiv  Detail & Related papers  (2025-12-01T12:13:32Z)
• Building a Foundational Guardrail for General Agentic Systems via Synthetic Data [76.18834864749606]
  LLM agents can plan multi-step tasks, intervening at the planning stage-before any action is executed-is often the safest way to prevent harm.<n>Existing guardrails mostly operate post-execution, which is difficult to scale and leaves little room for controllable supervision at the plan level.<n>We introduce AuraGen, a controllable engine that synthesizes benign trajectories, injects category-labeled risks with difficulty, and filters outputs via an automated reward model.
  arXiv  Detail & Related papers  (2025-10-10T18:42:32Z)
• Adaptive Attacks on Trusted Monitors Subvert AI Control Protocols [80.68060125494645]
  We study adaptive attacks by an untrusted model that knows the protocol and the monitor model.<n>We instantiate a simple adaptive attack vector by which the attacker embeds publicly known or zero-shot prompt injections in the model outputs.
  arXiv  Detail & Related papers  (2025-10-10T15:12:44Z)
• ViSTR-GP: Online Cyberattack Detection via Vision-to-State Tensor Regression and Gaussian Processes in Automated Robotic Operations [5.95097350945477]
  Connected and automated factories face growing cybersecurity risks that can potentially cause interruptions and damages to physical operations.<n>Data-integrity attacks often involve sophisticated exploitation of vulnerabilities that enable an attacker to access and manipulate the operational data.<n>This paper develops an online detection framework, ViSTR-GP, that cross-checks encoder-reported measurements against a vision-based estimate from an overhead camera outside the controller's authority.
  arXiv  Detail & Related papers  (2025-09-13T19:10:35Z)
• Adaptive t Design Dummy-Gate Obfuscation for Cryogenic Scale Enforcement [0.0]
  Cloud quantum services can reveal circuit structure and timing through scheduler metadata, latency patterns, and co-tenant interference.<n>We introduce NADGO, a scheduling and obfuscation stack that enforces operational privacy for gate-model workloads.<n>We prototype the approach on a 4-qubit superconducting tile with cryo-CMOS control and evaluate both depth-varied local-random circuits and small QAOA instances.
  arXiv  Detail & Related papers  (2025-08-31T12:12:48Z)
• Hybrid Cryptographic Monitoring System for Side-Channel Attack Detection on PYNQ SoCs [0.0]
  AES-128 encryption is theoretically secure but vulnerable in practical deployments due to timing and fault injection attacks on embedded systems.<n>This work presents a lightweight dual-detection framework combining statistical thresholding and machine learning (ML) for real-time anomaly detection.
  arXiv  Detail & Related papers  (2025-08-29T13:13:43Z)
• DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents [52.92354372596197]
  Large Language Models (LLMs) are increasingly central to agentic systems due to their strong reasoning and planning capabilities.<n>This interaction also introduces the risk of prompt injection attacks, where malicious inputs from external sources can mislead the agent's behavior.<n>We propose a Dynamic Rule-based Isolation Framework for Trustworthy agentic systems, which enforces both control and data-level constraints.
  arXiv  Detail & Related papers  (2025-06-13T05:01:09Z)
• CANTXSec: A Deterministic Intrusion Detection and Prevention System for CAN Bus Monitoring ECU Activations [53.036288487863786]
  We propose CANTXSec, the first deterministic Intrusion Detection and Prevention system based on physical ECU activations.<n>It detects and prevents classical attacks in the CAN bus, while detecting advanced attacks that have been less investigated in the literature.<n>We prove the effectiveness of our solution on a physical testbed, where we achieve 100% detection accuracy in both classes of attacks while preventing 100% of FIAs.
  arXiv  Detail & Related papers  (2025-05-14T13:37:07Z)
• Code-as-Monitor: Constraint-aware Visual Programming for Reactive and Proactive Robotic Failure Detection [56.66677293607114]
  We propose Code-as-Monitor (CaM) for both open-set reactive and proactive failure detection.<n>To enhance the accuracy and efficiency of monitoring, we introduce constraint elements that abstract constraint-related entities.<n>Experiments show that CaM achieves a 28.7% higher success rate and reduces execution time by 31.8% under severe disturbances.
  arXiv  Detail & Related papers  (2024-12-05T18:58:27Z)
• Attention Meets UAVs: A Comprehensive Evaluation of DDoS Detection in Low-Cost UAVs [1.6820106165213193]
  This paper explores the critical issue of enhancing cybersecurity measures for low-cost, Wi-Fi-based Unmanned Aerial Vehicles (UAVs) against Distributed Denial of Service (DDoS) attacks. We have developed a detection mechanism that runs on the companion computer of the UAV system. In this work, we present the necessary steps required to build an on-board DDoS detection mechanism.
  arXiv  Detail & Related papers  (2024-06-28T12:44:01Z)
• No Need to Know Physics: Resilience of Process-based Model-free Anomaly Detection for Industrial Control Systems [95.54151664013011]
  We present a novel framework to generate adversarial spoofing signals that violate physical properties of the system. We analyze four anomaly detectors published at top security conferences.
  arXiv  Detail & Related papers  (2020-12-07T11:02:44Z)
• Online Monitoring of Object Detection Performance During Deployment [6.166295570030645]
  We introduce a cascaded neural network that monitors the performance of the object detector by predicting the quality of its mean average precision (mAP) on a sliding window of the input frames. We evaluate our proposed approach using different combinations of autonomous driving datasets and object detectors.
  arXiv  Detail & Related papers  (2020-11-16T07:01:43Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.