Industrial Control Systems (ICSes), networked through conventional IT infrastructures, are vulnerable to attacks originating from network channels. Perimeter security techniques such as access control and firewalls have had limited success in mitigating such attacks due to the frequent updates required by standard computing platforms, third-party hardware and embedded process controllers. The high level of human-machine interaction also aids in circumventing perimeter defenses, making an ICS susceptible to attacks such as reprogramming of embedded controllers. The Stuxnet and Aurora attacks have demonstrated the vulnerabilities of ICS security and proved that these systems can be stealthily compromised.

We present several run-time methods for preemptive intrusion detection in industrial control systems to enhance ICS security against reconfiguration and network attacks. A run-time prediction using a linear model of the physical plant and a neural-network based classifier trigger mechanism are proposed for preemptive detection of an attack. A standalone, safety preserving, optimal backup controller is implemented to ensure plant safety in case of an attack. The intrusion detection mechanism and the backup controller are instantiated in configurable hardware, making them invisible to operating software and ensuring their integrity in the presence of malicious software. Hardware implementation of our approach on an inverted pendulum system illustrates the performance of both techniques in the presence of reconfiguration and network attacks.