Research Papers

Intrusion Detection System for Cyber-Manufacturing System

[+] Author and Article Information
Mingtao Wu

Department of Mechanical and
Aerospace Engineering,
Syracuse University,
263 Link Hall,
Syracuse, NY 13244
e-mail: miwu@syr.edu

Young B. Moon

Department of Mechanical and
Aerospace Engineering,
Syracuse University,
263 Link Hall,
Syracuse, NY 13244
e-mail: ybmoon@syr.edu

1Corresponding author.

Manuscript received March 11, 2018; final manuscript received November 5, 2018; published online January 22, 2019. Assoc. Editor: Karl R. Haapala.

J. Manuf. Sci. Eng 141(3), 031007 (Jan 22, 2019) (9 pages) Paper No: MANU-18-1145; doi: 10.1115/1.4042053 History: Received March 11, 2018; Revised November 05, 2018

Cyber-manufacturing system (CMS) offers a blueprint for future manufacturing systems in which physical components are fully integrated with computational processes in a connected environment. Similar concepts and visions have been developed to different extents and under different names—“Industrie 4.0” in Germany, “Monozukuri” in Japan, “Factories of the Future” in the EU, and “Industrial Internet” by GE. However, CMS opens a door for cyber–physical attacks on manufacturing systems. Current computer and information security methods—firewalls and intrusion detection system (IDS), etc.—cannot detect the malicious attacks in CMS with adequate response time and accuracy. Realization of the promising CMS depends on addressing cyber–physical security issues effectively. These attacks can cause physical damages to physical components—machines, equipment, parts, assemblies, products—through over-wearing, breakage, scrap parts or other changes that designers did not intend. This research proposes a conceptual design of a system to detect cyber–physical intrusions in CMS. To accomplish this objective, physical data from the manufacturing process level and production system level are integrated with cyber data from network-based and host-based IDSs. The correlations between the cyber and physical data are analyzed. Machine learning methods are adapted to detect the intrusions. Three-dimensional (3D) printing and computer numerical control (CNC) milling process are used as examples of manufacturing processes for detecting cyber–physical attacks. A cyber–physical attack scenario is presented with preliminary results to illustrate how the system can be used.

Copyright © 2019 by ASME
Your Session has timed out. Please sign back in to continue.


Song, Z. , and Moon, Y. , 2016, “Assessing Sustainability Benefits of Cybermanufacturing Systems,” Int. J. Adv. Manuf. Technol., 90(5–8), pp. 1–18.
Ren, L. , Zhang, L. , Tao, F. , Zhao, C. , Chai, X. , and Zhao, X. , 2015, “Cloud Manufacturing: From Concept to Practice,” Enterp. Inf. Syst., 9(2), pp. 186–209. [CrossRef]
IBM X-Force Research, 2017, “Security Trends in the Manufacturing Industry,” IBM Security, Cambridge, MA.
Jazdi, N. , 2014, “Cyber Physical Systems in the Context of Industry 4.0,” IEEE International Conference on Automation, Quality and Testing, Robotics, Cluj Napoka, Romania, May 22–24, pp. 2–4.
Davis, J. , Edgar, T. , Porter, J. , Bernaden, J. , and Sarli, M. , 2012, “Smart Manufacturing, Manufacturing Intelligence and Demand-Dynamic Performance,” Comput. Chem. Eng., 47, pp. 145–156. [CrossRef]
Minnick, J. , 2016, “The Biggest Cybersecurity Problems Facing Manufacturing In 2016,” Manufacturing Business Technology, Madison, WI, accessed Nov. 28, 2018, http://www.mbtmag.com/article/2016/01/biggest-cybersecurity-problems-facing-manufacturing-2016
Pan, Y. , White, J. , Schmidt, D. , Elhabashy, A. , Sturm, L. , Camelio, J. , and Williams, C. , 2017, “Taxonomies for Reasoning About Cyber-Physical Attacks in IoT-Based Manufacturing Systems,” Int. J. Interact. Multimed. Artif. Intell., 4(3), p. 45.
Sturm, L. D. , Williams, C. B. , Camelio, J. A. , White, J. , and Parker, R. , 2017, “Cyber-Physical Vulnerabilities in Additive Manufacturing Systems: A Case Study Attack on the STL File With Human Subjects,” J. Manuf. Syst., 44, pp. 154–64. [CrossRef]
Bilge, L. , and Dumitras, T. , 2012, “Before We Knew It: An Empirical Study of Zero-Day Attacks in the Real World,” ACM Conference on Computer and Communications Security (CCS'12), Raleigh, NC, Oct. 16–18, pp. 833–44.
Mitchell, R. , and Chen, I.-R. , 2014, “A Survey of Intrusion Detection Techniques for Cyber-Physical Systems,” ACM Comput. Surv., 46(4), pp. 55–84.
Liao, H.-J. , Richard Lin, C.-H. , Lin, Y.-C. , and Tung, K.-Y. , 2013, “Intrusion Detection System: A Comprehensive Review,” J. Network Comput. Appl., 36(1), pp. 16–24. [CrossRef]
Debar, H. , 2017, “What is Behavior Based Intrusion Detection?,” SANS Institute, North Bethesda, MD, accessed Nov. 28, 2018, https://www.sans.org/security-resources/
Bitkom, V. , Vdma, V. , and Zvei, V. , 2016, “Implementation Strategy Industrie 4.0.,” Berlin, Germany.
Han, S. , Xie, M. , Chen, H. , and Ling, Y. , 2014, “Intrusion Detection in Cyber-Physical Systems: Techniques and Challenges,” Syst. J., 8(4), pp. 1049–59.
Wu, M. , Song, Z. , and Moon, Y. B. , 2017, “Detecting Cyber-Physical Attacks in Cyber Manufacturing Systems With Machine Learning Methods,” J. Intell. Manuf., (in press).
Langner, R. , 2011, “Stuxnet: Dissecting a Cyberwarfare Weapon,” IEEE Secur. Privacy, 9(3), pp. 49–51. [CrossRef]
Lee, R. M. , Assante, M. J. , and Conway, T. , 2014, “German Steel Mill Cyber Attack,” Ind. Control Syst., pp. 1–15. https://ics.sans.org/media/ICS-CPPE-case-Study-2-German-Steelworks_Facility.pdf
Ehrenfeld, J. M. , 2017, “WannaCry, Cybersecurity and Health Information Technology: A Time to Act,” J. Med. Syst., 41(7), p. 104. [CrossRef] [PubMed]
Kaspersky Lab, 2017, “The State of Industrial Cybersecurity 2017,” Kaspersky, Woburn, MA.
The Seattle Times, 2018, “Boeing Hit by WannaCry Virus, But Says Attack Caused Little Damage,” The Seattle Times, Seattle, WA, accessed May 20, 2018, https://www.seattletimes.com/business/boeing-aerospace/boeing-hit-by-wannacry-virus-fears-it-could-cripple-some-jet-production/
Sturm, L. D. , Williams, C. B. , Camelio, J. A. , White, J. , and Parker, R. , 2014, “Cyber-Physical Vulnerabilities in Additive Manufacturing Systems,” International Solid Freeform Fabrication Symposium, Storrs, CT, pp. 951–963.
Turner, H. , White, J. , Camelio, J. A. , Williams, C. , Amos, B. , and Parker, R. , 2015, “Bad Parts: are Our Manufacturing Systems at Risk of Silent Cyberattacks?,” IEEE Secur. Privacy, 13(3), pp. 40–47. [CrossRef]
Yampolskiy, M. , Skjellum, A. , Kretzschmar, M. , Overfelt, R. A. , Sloan, K. R. , and Yasinsac, A. , 2016, “Using 3D Printers as Weapons,” Int. J. Crit. Infrastruct. Prot., 14, pp. 58–71. [CrossRef]
Belikovetsky, S. , Yampolskiy, M. , Toh, J. , and Elovici, Y. , 2016, “Dr0wned—Cyber-Physical Attack With Additive Manufacturing,” e-print arXiv:1609.00133
Wu, M. , and Moon, Y. B. , 2017, “Taxonomy of Cross-Domain Attacks on Cyber Manufacturing System,” Procedia Comput. Sci., 114, pp. 367–374. [CrossRef]
Vincent, H. , Wells, L. , Tarazaga, P. , and Camelio, J. , 2015, “Trojan Detection and Side-Channel Analyses for Cyber-Security in Cyber-Physical Manufacturing Systems,” Procedia Manuf., 1, pp. 77–85. [CrossRef]
Wu, M. , Phoha, V. V. , Moon, Y. B. , and Belman, A. K. , 2016, “Detecting Malicious Defects in 3D Printing Process Using Machine Learning and Image Classification,” ASME Paper No. IMECE2016-67641.
Wu, M. , Zhou, H. , Lin, L. L. , Silva, B. , Song, Z. , Cheung, J. , and Moon, Y. , 2017, “Detecting Attacks in Cyber Manufacturing Systems: Additive Manufacturing Example,” MATEC Web Conf., 108, p. 06005. [CrossRef]
Wu, M. , and Moon, Y. , 2018, “DACDI (Define, Audit, Correlate, Disclose, and Improve) Framework to Address Cyber-Manufacturing Attacks and Intrusions,” Manuf. Lett., 15, pp. 155–159.
Chhetri, S. R. , Canedo, A. , and Faruque, M. A. , 2016, “KCAD: Kinetic Cyber-Attack Detection Method for Cyber-Physical Additive Manufacturing Systems,” 35th International Conference on Computer-Aided Design (ICCAD '16), Austin, TX, Nov. 7–10, pp. 1–8.
Belikovetsky, S. , Solewicz, Y. , Yampolskiy, M. , Toh, J. , and Elovici, Y. , 2017, “Detecting Cyber-Physical Attacks in Additive Manufacturing Using Digital Audio Signing,” e-print arXiv:1705.06454v1
Adamson, G. , Wang, L. , Holm, M. , and Moore, P. , 2015, “Cloud Manufacturing—A Critical Review of Recent Development and Future Trends,” Int. J. Comput. Integr. Manuf., 30(4–5), pp. 347–380.
Modi, C. , Patel, D. , Patel, H. , Borisaniya, B. , Patel, A. , and Rajarajan, M. , 2013, “A Survey of Intrusion Detection Techniques in Cloud,” J. Network Comput. Appl., 36(1), pp. 42–57. [CrossRef]
Jaeger, D. , Ussath, M. , Cheng, F. , and Meinel, C. , 2016, “Multi-Step Attack Pattern Detection on Normalized Event Logs,” IEEE Second International Conference on Cyber Security and Cloud Computing, New York, Nov. 3–5, pp. 390–398.
Timofte, J. , 2008, “Intrusion Detection Using Open Source Tools,” Inform. Econ. J., XII(2), pp. 75–79. https://core.ac.uk/download/pdf/6612510.pdf
Roesch, M. , 1999, “Snort—Lightweight Intrusion Detection for Networks,” 13th System Administration (LISA '99), Seattle, WA, Nov. 7–12, pp. 229–238.
Kemmerer, R. A. , and Vigna, G. , 2002, “Intrusion Detection: A Brief History and Overview,” Computer, 35(4), pp. supl27–supl30. [CrossRef]
Shen, Q. , Gao, J. , and Li, C. , 2010, “Automatic Classification of Weld Defects in Radiographic Images,” Insight Non-Destr. Test. Cond. Monit., 52(3), pp. 134–139. [CrossRef]
Pernkopf, F. , and O'Leary, P. , 2003, “Image Acquisition Techniques for Automatic Visual Inspection of Metallic Surfaces,” NDT E Int., 36(8), pp. 609–617. [CrossRef]
Jia, H. , Murphey, Y. L. , Shi, J. , and Chang, T. S. , 2004, “An Intelligent Real-Time Vision System for Surface Defect Detection,” International Conference on Pattern Recognition (ICPR), Cambridge, UK, Aug. 26, pp. 239–242.
Duro, J. A. , Padget, J. A. , Bowen, C. R. , and Kim, H. A. , 2016, “Multi-Sensor Data Fusion Framework for CNC Machining Monitoring,” Mech. Syst. Signal Process, 66–67, pp. 505–520. [CrossRef]
Song, C. , Lin, F. , Ba, Z. , Ren, K. , Zhou, C. , and Xu, W. , 2016, “My Smartphone Knows What You Print: Exploring Smartphone-Based Side-Channel Attacks Against 3D Printers,” ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, Oct. 24–28, pp. 895–907.
Wu, M. , Song, J. , Lin, L. W. L. , Aurelle, N. , Liu, Y. , Ding, B. , Song, Z. , and Moon, Y. B. , 2018, “Establishment of Intrusion Detection Testbed for Cyber Manufacturing Systems,” 46th SME North American Manufacturing Research Conference, College Station, TX, p. 11.
Sun, X. , Wang, X. , Wu, J. , and Liu, Y. , 2014, “Prediction-Based Manufacturing Center Self-Adaptive Demand Side Energy Optimization in Cyber Physical Systems,” Chin. J. Mech. Eng., 27(3), pp. 488–495. [CrossRef]
Kroll, B. , Schaffranek, D. , Schriegel, S. , and Niggemann, O. , 2014, “System Modeling Based on Machine Learning for Anomaly Detection and Predictive Maintenance in Industrial Plants,” IEEE Emerging Technology and Factory Automation (ETFA), Barcelona, Spain, Sept. 16–19, p. 7.
Alnabulsi, H. , Islam, M. R. , and Mamun, Q. , 2014, “Detecting SQL Injection Attacks Using SNORT IDS,” Asia-Pacific World Congress on Computer Science and Engineering, Nadi, Fiji, Nov. 4–5.
Patil, T. R. , and Sherekar, S. S. , 2013, “Performance Analysis of Naive Bayes and J48 Classification Algorithm for Data Classification,” Int. J. Comput. Sci. Appl., 6(2), pp. 256–261. http://keddiyan.com/files/AHCI/week2/9.pdf
Kandhari, R. , Chandola, V. , Banerjee, A. , Kumar, V. , and Kandhari, R. , 2009, “Anomaly Detection: A Survey,” ACM Comput. Surv., 41(3), pp. 1–6.


Grahic Jump Location
Fig. 1

Workflow for cyber-manufacturing system

Grahic Jump Location
Fig. 2

Production and time sequence correlation between cyber and physical data

Grahic Jump Location
Fig. 3

Influence scale of an attack in CMS

Grahic Jump Location
Fig. 4

CMS testbed for intrusion detection research: (a) CMS testbed diagram and (b) CMS testbed setup

Grahic Jump Location
Fig. 5

Cyber–physical attack and detection data flow

Grahic Jump Location
Fig. 6

Accelerometer and acoustic data from the preliminary experiment: (a) accelerometer signal and (b) acoustic signal



Some tools below are only available to our subscribers or users with an online account.

Related Content

Customize your page view by dragging and repositioning the boxes below.

Related Journal Articles
Related eBook Content
Topic Collections

Sorry! You do not have access to this content. For assistance or to subscribe, please contact us:

  • TELEPHONE: 1-800-843-2763 (Toll-free in the USA)
  • EMAIL: asmedigitalcollection@asme.org
Sign In