FedTIU: Securing Virtualized PLCs Against DDoS Attacks Using a Federated Learning Enabled Threat Intelligence Unit

Conventional Programmable Logic Controller (PLC) systems are becoming increasingly challenging to manage due to hardware and software dependencies. Moreover, the number and size of conventional PLCs on factory floors continue to increase, and virtualized PLC (vPLC) offers a solution to address these challenges. The utilization of vPLC offers the advantages of streamlining communication between high-level applications and low-level machine operations, enhancing programming ability in process control systems by abstracting control functions from I/O modules, and increasing automation in industrial control networks. Nevertheless, the connection of vPLC to the internet and cloud services presents a considerable cybersecurity risk, and the crucial aspect of information security for vPLCs is ensuring their availability. Distributed Denial of Service (DDoS) attacks can be particularly devastating for vPLCs, as they rely on internet connectivity to function. DDoS attacks on vPLC overwhelm it and causing it to become unavailable. vPLCs manages control systems and if targeted by a DDoS attack, these systems could become unresponsive, leading to significant disruption to industrial processes. Thus, implementing effective DDoS protection measures is crucial for ensuring the availability and reliability of vPLCs in industrial settings. Therefore, this work proposes a Federated learning enabled Threat Intelligence Unit (FedTIU) for detecting DDoS attacks on vPLCs on an Edge Compute Stack near to vPLC. The proposed approach involves collaborative model training using federated learning techniques to gain knowledge of new attack patterns from other industrial sites while maintaining data privacy.