A distributed intrusion detection system for industrial automation networks

Schuster, Franka; Paul, Amrit Kumar

doi:10.1109/etfa.2012.6489703

Cited by 9 publications

(7 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…[14] Machine learning based Presented an intrusion detection system based on SCADA intrusion detectors (SCIDs) placed on control and field level of the automation. Each SCID analyzes the specific network traffic of its observation domain and determine anomalies.…”

Section: Methodsmentioning

confidence: 99%

SysDetect: A systematic approach to critical state determination for Industrial Intrusion Detection Systems using Apriori algorithm

Khalili

Sami

2015

Journal of Process Control

View full text Add to dashboard Cite

Section: Methodsmentioning

confidence: 99%

SysDetect: A systematic approach to critical state determination for Industrial Intrusion Detection Systems using Apriori algorithm

Khalili

Sami

2015

Journal of Process Control

View full text Add to dashboard Cite

“…In [1] we proposed a network-based intrusion detection system consisting of multiple autonomous components, called SCADA Intrusion Detectors (SCIDs), as illustrated in Figure 1.…”

Section: Motivationmentioning

confidence: 99%

“…The main contributions of this paper are: (1) we identify the requirements for intrusion detection in ICS; (2) we present an approach for self-learning intrusion detection whose characteristics meet these requirements; (3) on the basis of this approach, we discuss the challenges and future aspects of research for realizing such a tailored self-learning intrusion detection for ICS.…”

Section: Fig 1 Multiple Scids Monitoring An Example Icsmentioning

confidence: 99%

Towards Learning Normality for Anomaly Detection in Industrial Control Networks

Schuster

Paul

König

2013

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Recent trends in automation technology lead to a rising exposition of industrial control systems (ICS) to new vulnerabilities. This requires the introduction of proper security approaches in this field. Prevalent in ICS is the use of access control. Especially in critical infrastructures, however, preventive security measures should be complemented by reactive ones, such as intrusion detection. Beginning from the characteristics of automation networks we outline the implications for a suitable application of intrusion detection in this field. On this basis, an approach for creation of self-learning anomaly detection for ICS protocols is presented. In contrast to other approaches, it takes all network data into account: flow information, application data, and the packet order. We discuss the challenges that have to be solved in each step of the network data analysis to identify future aspects of research towards learning normality in industrial control networks.

show abstract

“…Much of the research on security of industrial automation systems has focused on countermeasures for mitigating security risks; examples of countermeasures are intrusion detection [1,2] certificate management [3] and public key infrastructures [4]. The need for specific countermeasures is based on security risk assessment that comprehensively considers threats to confidentiality, integrity and availability in the application, as is done for example in [5].…”

Section: Introductionmentioning

confidence: 99%

Security impact assessment of industrial automation systems using genetic algorithm and simulation

Papakonstantinou

Sierla

Charitoudi

et al. 2014

Proceedings of the 2014 IEEE Emerging Technology and Factory Automation (ETFA)

View full text Add to dashboard Cite

Much of the research on security of industrial automation systems has focused on countermeasures such as intrusion detection, certificate management or public key infrastructures. Due to limited resources, countermeasures should be focused to prevent the attacks with highest potential for damage. The impact of an attack can only be determined through a detailed analysis of the interactions of the automation system and the physical system under control. Attacks against single components are similar to ordinary component failures, so our focus is on deliberate damage to several components, since such scenarios are not considered in reliability engineering methods used for industrial automation systems. A simulation based security impact assessment method is proposed, using genetic algorithms to explore the range of possible attacks.

show abstract

A distributed intrusion detection system for industrial automation networks

Cited by 9 publications

References 11 publications

SysDetect: A systematic approach to critical state determination for Industrial Intrusion Detection Systems using Apriori algorithm

SysDetect: A systematic approach to critical state determination for Industrial Intrusion Detection Systems using Apriori algorithm

Towards Learning Normality for Anomaly Detection in Industrial Control Networks

Security impact assessment of industrial automation systems using genetic algorithm and simulation

Contact Info

Product

Resources

About