Colored Petri nets as the enabling technology in intrusion detection systems

Dolgikh, Andrey; Nykodym, Tomas; Skormin, Victor A.; Antonakos, James L.; Baimukhamedov, M.

doi:10.1109/milcom.2011.6127481

Cited by 8 publications

(3 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The existing approaches can be classified mainly into two categories: pattern-based and anomaly-based. Pattern-based approaches (using, e.g., on state transition analysis [254] or Petri nets [255]) compare real-time data with available records of data corresponding to attack situations, hence they are effective only in the case of known attacks, because new or slightly modified old attacks would not have related data stored for comparison. On the other hand, anomaly-based detection approaches detect deviations from normal or expected behavior of the system, without any prior knowledge of the attack.…”

Section: Connected Vehicle Systems [220]mentioning

confidence: 99%

Bibliographical review on cyber attacks from a control oriented perspective

Sánchez

Rotondo

Escobet

et al. 2019

Annual Reviews in Control

106

View full text Add to dashboard Cite

This paper presents a bibliographical review of definitions, classifications and applications concerning cyber attacks in networked control systems (NCSs) and cyber-physical systems (CPSs). This review tackles the topic from a control-oriented perspective, which is complementary to information or communication ones. After motivating the importance of developing new methods for attack detection and secure control, this review presents security objectives, attack modeling, and a characterization of considered attacks and threats presenting the detection mechanisms and remedial actions. In order to show the properties of each attack, as well as to provide some deeper insight into possible defense mechanisms, examples available in the literature are discussed. Finally, open research issues and paths are presented.

show abstract

Section: Connected Vehicle Systems [220]mentioning

confidence: 99%

Bibliographical review on cyber attacks from a control oriented perspective

Sánchez

Rotondo

Escobet

et al. 2019

Annual Reviews in Control

106

View full text Add to dashboard Cite

show abstract

“…Dolgikh et al used CPN as the backbone of the proposed approach to define the functionality of interest as behavior signatures and to serve as the mechanism for the signature detection in IDS [13]. With Petri nets, Voron et al [14] described a formal reference behavior model of the proposed novel approach that automatically generates host-based IDS from program sources.…”

Section: Related Workmentioning

confidence: 99%

Performance Analysis of Honeypot with Petri Nets

Shi¹,

Li²,

Feng³

2018

Information

View full text Add to dashboard Cite

As one of the active defense technologies, the honeypot deceives the latent intruders to interact with the imitated systems or networks deployed with security mechanisms. Its modeling and performance analysis have not been well studied. In this paper, we propose a honeypot performance evaluation scheme based on Stochastic Petri Nets (SPN). We firstly set up performance evaluation models for three types of defense scenarios (i.e., firewall; firewall and Intrusion Detection System (IDS); firewall, IDS and honeypot) based on SPN. We then theoretically analyze the SPN models by constructing Markov Chains (MC), which are isomorphic to the models. With the steady state probabilities based on the MC, the system performance evaluation is done with theoretical inference. Finally, we implement the proposed three SPN models on the PIPE platform. Five parameters are applied to compare and evaluate the performance of the proposed SPN models. The analysis of the probability and delay of three scenarios shows that the simulation results validate the effectiveness in security enhancement of the honeypot under the SPN models.

show abstract

“…An overview of intrusion detection Figure 1 Architecture of cyber physical systems system using genetic algorithm and data mining is presented in [22]. Some efforts have been focused on classification and detection of computer intrusions using Colored Petri-nets [23,12,16]. Anomaly detectors pursue the normal behavior of the system.…”

Section: Introductionmentioning

confidence: 99%

Intrusion Detection in Cyber-Physical Systems Based on Petri Net

Ghazi

Doustmohammadi

2018

ITC

View full text Add to dashboard Cite

Intrusion detection is a major concern in Cyber-Physical Systems (CPSs). In this paper, an algorithm based on Petri Net (PN) is proposed that simultaneously detects misuse and anomaly behavior of the system. The proposed anomaly detection method is applicable to Supervisory Control and Data Acquisition (SCADA) system at the highest level of CPSs. Neural First Order Hybrid Petri Net model (NFOHPN) with online fast Independent Component Analysis (ICA) is proposed for anomaly detection. It is shown that the use of distributed and multidisciplinary intrusion detection methods in different layers of CPSs increases security of the net against coordinated cyber-attacks. Simulation results and comparative studies based on the Defense Advanced Research Projects Agency (DARPA) evaluation datasets demonstrate that the proposed model can detect normal or malicious behavior with satisfying accuracy and at surprisingly high convergence speed.

show abstract

Colored Petri nets as the enabling technology in intrusion detection systems

Cited by 8 publications

References 4 publications

Bibliographical review on cyber attacks from a control oriented perspective

Bibliographical review on cyber attacks from a control oriented perspective

Performance Analysis of Honeypot with Petri Nets

Intrusion Detection in Cyber-Physical Systems Based on Petri Net

Contact Info

Product

Resources

About