Releases: Critical-Infrastructure-Systems-Lab/DHALSIM
Learning-based attack concealment module included
This version of DHALSIM provides the learning-based attack concelment module that was developed by Alessandro Erba and presented in "Constrained Concealment Attacks against Reconstruction-based Anomaly Detectors in Industrial Control Systems" https://dl.acm.org/doi/abs/10.1145/3427228.3427660
What's Changed
- Latest version for dataset presented in CCS - RICSS'24 Workshop by @afmurillo in #52
- Update synced_event.py by @Tuto96 in #53
New Contributors
Full Changelog: v0.6.0...v0.6.1
Learning-based attack concealment module included
This version of DHALSIM provides the learning-based attack concelment module that was developed by Alessandro Erba and presented in "Constrained Concealment Attacks against Reconstruction-based Anomaly Detectors in Industrial Control Systems" https://dl.acm.org/doi/abs/10.1145/3427228.3427660
What's Changed
- Merge from dev paper, concealment now supports multitag by @afmurillo in #30
- Dev paper by @afmurillo in #31
- Merging from the new attacks development by @afmurillo in #33
- Tests update v1.0 by @NicolasOrjuela in #38
- Dev python3 by @afmurillo in #39
- Dev paper by @afmurillo in #41
- DHALSIM on Python3 by @afmurillo in #42
- Dev paper by @afmurillo in #44
- New DHALSIM release by @afmurillo in #45
- Preparing version 0.5.0 by @afmurillo in #47
- Added no concealment attacks configuration files by @afmurillo in #48
- Dev by @afmurillo in #50
New Contributors
- @NicolasOrjuela made their first contribution in #38
Full Changelog: v0.5.0...v0.6.0
DHALSIM Prototype with additional attacks and concealment
This version of DHALSIM provides a set of new attacks and concealment mechanisms for the Man in the Middle attacks.
DHALSIM Prototype with new synchronization mechanism
This version of DHALSIM provides a new synchronization mechanism for the co-simulation environment between the physical simulators and MiniCPS network. Results should now be repeatable across multiple runs.
In addition, some basic network events are now supported: network delays and network packet loss. These events use the same configuration structure as network attacks and also follow a similar syntax. In the back end, the events are implemented using Linux tc tool
DHALSIM Prototype with enhanced features and experimental Epynet support
This new version of the Digital Twin for Water Distribution Systems provides more example topologies and adds additional information handled by the SCADA nodes in the topologies. In addition, DHALSIM-epynet is used for one example topology instead of WNTR.
This software is developed by the Singaporean National Satellite of Excellence Project "Learning from Network and Process data to secure Water Distribution Systems" from the SUTD Resilient Water Systems Group and iTrust. In addition, Davide Salaorni, Master's student from Politecnico de Milano has developed DHALSIM-epynet as an experimental hydraulics simulator. DHALSIM-epynet is a wrapper around EPANET 2.2 fully supported in Python.
This version introduces some changes from the August version:
- DHALSIM uses now .yaml files to describe network and device attacks. Some basic attacks are supported.
- The beginning and ending of attacks is controlled by the physical process module, that contains the "master clock" of a DHALSIM experiment
- SCADA nodes now receive not only the tank levels, but also pump/valves flows, and some junctions pressure
- The enhanced_ctown_topology uses epynet instead of WNTR to simulate the hydraulic process. Epynet follows more closely a step-by-step simulation in EPANET 2.2
This is the last release before DHALSIM1.0 is released. DHALSIM 1.0 is a major change for DHALSIM and will fully support an automatic parser for epanet INP file, better documentation, and an installation script that automatically deploys the digital twin.
DISCLAIMER: This version requires an upgraded version of MiniCPS that still is pending merging with the main MiniCPS repository, this version can be found here: https://github.com/afmurillo/minicps This version extends the devices class to provide to new methods for the ENIP protocol: send_multiple and receive_multiple. These methods enable a PLC to send/receive multiple tags at the same time
Proof of concept of the Digital Twin for Water Distribution Systems
This is still a beta version of the Digital Twin for Water Distribution Systems. This software uses Mininet, MiniCPS, and the EPANET WNTR simulator to emulate the behavior of different water distribution topologies. To our knowledge, this is the first digital twin that provides network information for such systems. This is because by using MiniCPS we are able to emulate a virtual network in which processes representing PLCs with their own virtual network interfaces exchange communication messages using a standard industrial protocol such as ENIP.
For each experiment two types of data are generated: i) physical data: the state of the system in time for the pland, ii) network data, each of the devices starts a tcpdump capture that creates a .pcap file with the messages sent/received during the experiment. In addition, In addition, attacks of the PLCs and communication between devices are performed generating network and physical results of such attacks.
This software is developed by the Singaporean National Satellite of Excellence Project "Learning from Network and Process data to secure Water Distribution Systems" from the SUTD Resilient Water Systems Group and iTrust.
This version introduces some changes from the August version:
- PLCs now extend from a class called basePLC. basePLC implements all the functions that are common among any PLC or SCADA device. In addition, basePLC uses a thread to send the PLC state (sensor or actuator data).
- This version starts using config .yaml files to start generalizing DHALSIM
These two changes are done in preparation for a fully automatic DHALSIM version that can parse an epanet INP file, automatically generate a DHALSIM topology, and run an experiment with such file
DISCLAIMER: This version requires an upgraded version of MiniCPS that still is pending merging with the main MiniCPS repository, this version can be found here: https://github.com/afmurillo/minicps This version extends the devices class to provide to new methods for the ENIP protocol: send_multiple and receive_multiple. These methods enable a PLC to send/receive multiple tags at the same time
Proof of concept of the Digital Twin for Water Distribution Systems
This is the beta version of the Digital Twin for Water Distribution Systems. This software uses Mininet, MiniCPS, and the EPANET WNTR simulator to emulate the behavior of different water distribution topologies. To our knowledge, this is the first digital twin that provides network information for such systems. This is because by using MiniCPS we are able to emulate a virtual network in which processes representing PLCs with their own virtual network interfaces exchange communication messages using a standard industrial protocol such as ENIP.
For each experiment two types of data are generated: i) physical data: the state of the system in time for the pland, ii) network data, each of the devices starts a tcpdump capture that creates a .pcap file with the messages sent/received during the experiment. In addition, In addition, attacks of the PLCs and communication between devices are performed generating network and physical results of such attacks.
This software is developed by the Singaporean National Satellite of Excellence Project "Learning from Network and Process data to secure Water Distribution Systems" from the SUTD Resilient Water Systems Group and iTrust.
Proof of concept of the Digital Twin for Water Distribution Systems
This is the beta version of the Digital Twin for Water Distribution Systems. This software uses Mininet, MiniCPS, and the EPANET WNTR simulator to emulate the behavior of different water distribution topologies. To our knowledge, this is the first digital twin that provides network information for such systems. This is because by using MiniCPS we are able to emulate a virtual network in which processes representing PLCs with their own virtual network interfaces exchange communication messages using a standard industrial protocol such as ENIP.
For each experiment two types of data are generated: i) physical data: the state of the system in time for the pland, ii) network data, each of the devices starts a tcpdump capture that creates a .pcap file with the messages sent/received during the experiment. In addition, In addition, attacks of the PLCs and communication between devices are performed generating network and physical results of such attacks.
This software is developed by the Singaporean National Satellite of Excellence Project "Learning from Network and Process data to secure Water Distribution Systems" from the SUTD Resilient Water Systems Group and iTrust.