FPGA-based network intrusion detection for IEC 61850-based industrial network

Kim, Junsik; Park, Jaehyun

doi:10.1016/j.icte.2018.01.002

Cited by 21 publications

(6 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Signature Routable [44] SVM and PSO-OCSVM ( Particle Swarm Optimization One-class Support Vector Machine)…”

Section: Main Ai Techniques Applied In Ids For Industrial Networkmentioning

confidence: 99%

Cybersecurity in Industrial Networks: Artificial Intelligence Techniques Applied to Intrusion Detection Systems

Luis de Moura,

Franqueira,

Pessin

2023

2023 Congress in Computer Science, Computer Engineering, &Amp;amp; Applied Computing (CSCE)

View full text Add to dashboard Cite

Industrial control systems (ICS) operate on serialbased networks which lack proper security safeguards by design. They are also becoming more integrated to corporate networks, creating new vulnerabilities which expose ICS networks to increasing levels of risk with potentially significant impact. Despite those risks, only a few mechanisms have been suggested and are available in practice as cybersecurity safeguards for the ICS network layer, maybe because they might not be commercially viable. Intrusion detection systems (IDS) are typically deployed in the corporate networks to protect against attacks since they are based on TCP/IP. However, IDS are not used in serialbased ICS networks yet. This study examines and compares modern Artificial Intelligence (AI) techniques applied in IDS that are potentially useful for serial-based ICS networks. The results showed that current AI-based IDS methods are viable in such networks. A mix of AI techniques would be the best way forward to detect known attacks via rules and novel attacks, not previously mapped, via supervised and unsupervised techniques. Despite these strategies' limited use in serial-based networks, their adoption could significantly strengthen cybersecurity of ICS networks.

show abstract

“…Signature Routable [44] SVM and PSO-OCSVM ( Particle Swarm Optimization One-class Support Vector Machine)…”

Section: Main Ai Techniques Applied In Ids For Industrial Networkmentioning

confidence: 99%

Cybersecurity in Industrial Networks: Artificial Intelligence Techniques Applied to Intrusion Detection Systems

Luis de Moura,

Franqueira,

Pessin

2023

2023 Congress in Computer Science, Computer Engineering, &Amp;amp; Applied Computing (CSCE)

View full text Add to dashboard Cite

show abstract

“…Specifically, their framework splits the traffic into homogeneous groups of packets to different hardware blocks, which support smaller rule sets. Kim and Park [40] proposed an FPGA-based NIDS for detecting malicious network packets within messages of the IEC 61850 type. Zhao et al [41] presented the novel Pigasus IDS/IPS tool, which is the first work where the majority of processing and all state and control flow are managed on an FPGA device.…”

Section: Fpga-based Pattern Matchingmentioning

confidence: 99%

The Diversification and Enhancement of an IDS Scheme for the Cybersecurity Needs of Modern Supply Chains

Deyannis

Papadogiannaki

Chrysos³

et al. 2022

Electronics

View full text Add to dashboard Cite

Despite the tremendous socioeconomic importance of supply chains (SCs), security officers and operators are faced with no easy and integrated way for protecting their critical, and interconnected, infrastructures from cyber-attacks. As a result, solutions and methodologies that support the detection of malicious activity on SCs are constantly researched into and proposed. Hence, this work presents the implementation of a low-cost reconfigurable intrusion detection system (IDS), on the edge, that can be easily integrated into SC networks, thereby elevating the featured levels of security. Specifically, the proposed system offers real-time cybersecurity intrusion detection over high-speed networks and services by offloading elements of the security check workloads on dedicated reconfigurable hardware. Our solution uses a novel framework that implements the Aho–Corasick algorithm on the reconfigurable fabric of a multi-processor system-on-chip (MPSoC), which supports parallel matching for multiple network packet patterns. The initial performance evaluation of this proof-of-concept shows that it holds the potential to outperform existing software-based solutions while unburdening SC nodes from demanding cybersecurity check workloads. The proposed system performance and its efficiency were evaluated using a real-life environment in the context of European Union’s Horizon 2020 research and innovation program, i.e., CYRENE.

show abstract

“…Currently, the related research on intrusion detection techniques for industrial control systems can be categorized into two main categories: signature-based and anomalybased. Signature-based intrusion detection establishes a signature library based on the intrusion behaviors that have occurred and detects them by matching [1,2]. However, signature-based methods cannot detect attacks that do not exist in the signature library and also face problems such as signature library expansion, reduced detection efficiency, and increased storage overhead, which makes it difficult to meet the needs of today's industry for intrusion detection systems.…”

Section: Introductionmentioning

confidence: 99%

A Lightweight Unsupervised Intrusion Detection Model Based on Variational Auto-Encoder

Ren,

Feng,

et al. 2023

Sensors

View full text Add to dashboard Cite

With the gradual integration of internet technology and the industrial control field, industrial control systems (ICSs) have begun to access public networks on a large scale. Attackers use these public network interfaces to launch frequent invasions of industrial control systems, thus resulting in equipment failure and downtime, production data leakage, and other serious harm. To ensure security, ICSs urgently need a mature intrusion detection mechanism. Most of the existing research on intrusion detection in ICSs focuses on improving the accuracy of intrusion detection, thereby ignoring the problem of limited equipment resources in industrial control environments, which makes it difficult to apply excellent intrusion detection algorithms in practice. In this study, we first use the spectral residual (SR) algorithm to process the data; we then propose the improved lightweight variational autoencoder (LVA) with autoregression to reconstruct the data, and we finally perform anomaly determination based on the permutation entropy (PE) algorithm. We construct a lightweight unsupervised intrusion detection model named LVA-SP. The model as a whole adopts a lightweight design with a simpler network structure and fewer parameters, which achieves a balance between the detection accuracy and the system resource overhead. Experimental results on the ICSs dataset show that our proposed LVA-SP model achieved an F1-score of 84.81% and has advantages in terms of time and memory overhead.

show abstract

FPGA-based network intrusion detection for IEC 61850-based industrial network

Cited by 21 publications

References 10 publications

Cybersecurity in Industrial Networks: Artificial Intelligence Techniques Applied to Intrusion Detection Systems

Cybersecurity in Industrial Networks: Artificial Intelligence Techniques Applied to Intrusion Detection Systems

The Diversification and Enhancement of an IDS Scheme for the Cybersecurity Needs of Modern Supply Chains

A Lightweight Unsupervised Intrusion Detection Model Based on Variational Auto-Encoder

Contact Info

Product

Resources

About