SCAPHY: Detecting Modern ICS Attacks by Correlating Behaviors in SCADA and PHYsical. (arXiv:2211.14642v1 [cs.CR])

Modern Industrial Control Systems (ICS) attacks evade existing tools by using
knowledge of ICS processes to blend their activities with benign Supervisory
Control and Data Acquisition (SCADA) operation, causing physical world damages.
We present SCAPHY to detect ICS attacks in SCADA by leveraging the unique
execution phases of SCADA to identify the limited set of legitimate behaviors
to control the physical world in different phases, which differentiates from
attackers activities. For example, it is typical for SCADA to setup ICS …

attacks ics physical scada