2024年 第32卷 第1期
《工程(英文)》 >> 2024年 第32卷 第1期 doi: 10.1016/j.eng.2023.01.013
CORMAND2——针对工业机器人的欺骗攻击
a Control Science and Engineering, Zhejiang University, Hangzhou, 310000, China
b Computer Science and Engineering, University of Colorado Denver, Denver, CO 999039, USA
下一篇 上一篇
摘要
Industrial robots are becoming increasingly vulnerable to cyber incidents and attacks, particularly with the dawn of the Industrial Internet-of-Things (IIoT). To gain a comprehensive understanding of these cyber risks, vulnerabilities of industrial robots were analyzed empirically, using more than three million communication packets collected with testbeds of two ABB IRB120 robots and five other robots from various Original Equipment Manufacturers (OEMs). This analysis, guided by the confidentiality–integrity–availability (CIA) triad, uncovers robot vulnerabilities in three dimensions: confidentiality, integrity, and availability. These vulnerabilities were used to design Covering Robot Manipulation via Data Deception (CORMAND2), an automated cyber–physical attack against industrial robots. CORMAND2 manipulates robot operation while deceiving the Supervisory Control and Data Acquisition (SCADA) system that the robot is operating normally by modifying the robot’s movement data and data deception. CORMAND2 and its capability of degrading the manufacturing was validated experimentally using the aforementioned seven robots from six different OEMs. CORMAND2 unveils the limitations of existing anomaly detection systems, more specifically the assumption of the authenticity of SCADA-received movement data, to which we propose mitigations for.
京公网安备 11010502051620号
