A survey of intrusion detection on industrial control systems

Hu, Yan; An, Yang; Li, Hong; Sun, Yan; Sun, Limin

doi:10.1177/1550147718794615

Cited by 127 publications

(77 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hu et al provided a survey of intrusion detection on industrial control systems [26]. They proposed IDS taxonomy based on the following techniques: protocol analysis, traffic mining, and control process analysis, and analyzed the advantages and disadvantages of different IDS categories.…”

Section: Motivation and Related Workmentioning

confidence: 99%

“…Third, we try to establish correspondence between different approaches to the classification of intrusion detection methodologies used in SCADA networks. Unlike [22], [23] and [26], we do not attempt to propose SCADA-specific classification trees, but rather follow a well-established IDS classification for general-purpose IT systems.…”

Section: Motivation and Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Review of Research Work on Network-Based SCADA Intrusion Detection Systems

2020

View full text Add to dashboard Cite

Specific intrusion detection systems (IDSs) are needed to secure modern supervisory control and data acquisition (SCADA) systems due to their architecture, stringent real-time requirements, network traffic features and specific application layer protocols. This article aims to contribute to assess the state-ofthe-art, identify the open issues and provide an insight for future study areas. To achieve these objectives, we start from the factors that impact the design of dedicated intrusion detection systems in SCADA networks and focus on network-based IDS solutions. We propose a structured evaluation methodology that encompasses detection techniques, protected protocols, implementation tools, test environments and IDS performance. Special attention is focused on assessing implementation maturity as well as the applicability of each surveyed solution in the Future Internet environment. Based on that, we provide a brief description and evaluation of 26 selected research papers, published in the period 2015-2019. Results of our analysis indicate considerable progress regarding the development of machine learning-based detection methods, implementation platforms, and to some extent, sophisticated testbeds. We also identify research gaps and conclude the analysis with a list of the most important directions for further research.

show abstract

Section: Motivation and Related Workmentioning

confidence: 99%

Section: Motivation and Related Workmentioning

confidence: 99%

A Review of Research Work on Network-Based SCADA Intrusion Detection Systems

2020

View full text Add to dashboard Cite

show abstract

“…[1]. Intrusion detection can be a viable approach to safeguard the ICS against cyber-attacks [2]. Apart from monitoring the network traffic, there is growing interest in exploiting physical properties (e.g., temperature, pressure, etc.)…”

Section: Introductionmentioning

confidence: 99%

An Improved Industrial Control System Device Logs Processing Method for Process-Based Anomaly Detection

Hussain

Foo

Suriadi

2019

2019 International Conference on Frontiers of Information Technology (FIT)

View full text Add to dashboard Cite

Detecting process-based attacks on industrial control systems (ICS) is challenging. These cyber-attacks are designed to disrupt the industrial process by changing the state of a system, while keeping the system's behaviour close to the expected behaviour. Such anomalous behaviour can be effectively detected by an event-driven approach. Petri Net (PN) model identification has proved to be an effective method for event-driven system analysis and anomaly detection. However, PN identification-based anomaly detection methods require ICS device logs to be converted into event logs (sequence of events). Therefore, in this paper we present a formalised method for pre-processing and transforming ICS device logs into event logs. The proposed approach outperforms the previous methods of device logs processing in terms of anomaly detection. We have demonstrated the results using two published datasets.

show abstract

“…Moreover, when talking about Industrial Control Systems (ICSs) that have specific requirements and characteristics novel taxonomies were recently proposed. Authors in [6] proposed a classification of IDSs ICS that divides them into three new categories: protocol analysis-based, traffic mining-based, and control process analysis-based.Countermeasures are taken according to the information obtained regarding the detected attacks from the detection systems. The better classification of the type of attack is provided, the more efficient will the chosen countermeasures be and the less will they affect the proper operation of the system or network.…”

mentioning

confidence: 99%

mentioning

confidence: 99%

RDTIDS: Rules and Decision Tree-Based Intrusion Detection System for Internet-of-Things Networks

et al. 2020

View full text Add to dashboard Cite

This paper proposes a novel intrusion detection system (IDS), named RDTIDS, for Internet-of-Things (IoT) networks. The RDTIDS combines different classifier approaches which are based on decision tree and rules-based concepts, namely, REP Tree, JRip algorithm and Forest PA. Specifically, the first and second method take as inputs features of the data set, and classify the network traffic as Attack/Benign. The third classifier uses features of the initial data set in addition to the outputs of the first and the second classifier as inputs. The experimental results obtained by analyzing the proposed IDS using the CICIDS2017 dataset and BoT-IoT dataset, attest their superiority in terms of accuracy, detection rate, false alarm rate and time overhead as compared to state of the art existing schemes.

show abstract

A survey of intrusion detection on industrial control systems

Cited by 127 publications

References 44 publications

A Review of Research Work on Network-Based SCADA Intrusion Detection Systems

A Review of Research Work on Network-Based SCADA Intrusion Detection Systems

An Improved Industrial Control System Device Logs Processing Method for Process-Based Anomaly Detection

RDTIDS: Rules and Decision Tree-Based Intrusion Detection System for Internet-of-Things Networks

Contact Info

Product

Resources

About