Neural Network based Intrusion Detection System for critical infrastructures

Abstract: Abstract-Resiliency and security in control systems such as SCADA and Nuclear plant's in today's world of hackers and malware are a relevant concern. Computer systems used within critical infrastructures to control physical functions are not immune to the threat of cyber attacks and may be potentially vulnerable. Tailoring an intrusion detection system to the specifics of critical infrastructures can significantly improve the security of such systems. The IDS-NNM -Intrusion Detection System using Neural Networ… Show more

“…The system is validated using 2 weeks of data from a real water treatment facility. The data was captured in the context of the Hermes, [20] network anomaly testbed aware Carcano et al [28,29,59] network anomaly simulation aware Cárdenas et al [31] network anomaly simulation aware Cheung et al [37] network anomaly testbed unaware D'Antonio et al [45] network anomaly none unaware Di Santo et al [49] network anomaly simulation aware Düssel et al [51] network anomaly measurement unaware Goldenberg and Wool [62] network anomaly measurement unaware Gonzalez and Papa [64] network anomaly testbed unaware Hadeli et al [69] network anomaly testbed unaware Hadiosmanovic et al [70] host anomaly measurement unaware Hoeve [76] network anomaly testbed unaware Linda et al [99] network anomaly testbed unaware McEvoy and Wolthusen [105] network anomaly simulation aware Oman and Phillips [116] network anomaly none unaware Premaratne et al [122] network signature testbed unaware Rrushi et al [125,126] network anomaly none aware Valdes and Cheung [145] network anomaly testbed unaware Xiao et al [151] network anomaly none aware Yang et al [152] host anomaly testbed unaware Table 4.2: Overview of surveyed IDS approaches Castor and Midas projects 4 , which also supported the work described in this thesis.…”

“…Similar methods, based only on TCP/IP header fields, are proposed in [99] and [145]. In [99] features, such as the number of IP addresses and the number of packets, are calculated over a sequence of N packets, which is referred to as a window.…”

“…In [99] features, such as the number of IP addresses and the number of packets, are calculated over a sequence of N packets, which is referred to as a window. A neural network is proposed to learn the normal contents of such window.…”

Anomaly detection in SCADA systems : a network based approach

“…The system is validated using 2 weeks of data from a real water treatment facility. The data was captured in the context of the Hermes, [20] network anomaly testbed aware Carcano et al [28,29,59] network anomaly simulation aware Cárdenas et al [31] network anomaly simulation aware Cheung et al [37] network anomaly testbed unaware D'Antonio et al [45] network anomaly none unaware Di Santo et al [49] network anomaly simulation aware Düssel et al [51] network anomaly measurement unaware Goldenberg and Wool [62] network anomaly measurement unaware Gonzalez and Papa [64] network anomaly testbed unaware Hadeli et al [69] network anomaly testbed unaware Hadiosmanovic et al [70] host anomaly measurement unaware Hoeve [76] network anomaly testbed unaware Linda et al [99] network anomaly testbed unaware McEvoy and Wolthusen [105] network anomaly simulation aware Oman and Phillips [116] network anomaly none unaware Premaratne et al [122] network signature testbed unaware Rrushi et al [125,126] network anomaly none aware Valdes and Cheung [145] network anomaly testbed unaware Xiao et al [151] network anomaly none aware Yang et al [152] host anomaly testbed unaware Table 4.2: Overview of surveyed IDS approaches Castor and Midas projects 4 , which also supported the work described in this thesis.…”

“…Similar methods, based only on TCP/IP header fields, are proposed in [99] and [145]. In [99] features, such as the number of IP addresses and the number of packets, are calculated over a sequence of N packets, which is referred to as a window.…”

“…In [99] features, such as the number of IP addresses and the number of packets, are calculated over a sequence of N packets, which is referred to as a window. A neural network is proposed to learn the normal contents of such window.…”

Anomaly detection in SCADA systems : a network based approach

“…The first strategy aims at a adapting best IT security practices in the ICS domain. For example, authors adjust common approaches for detecting intrusions to support ICS communication protocols [66,67,128], implement "'defence in depth" [9], incorporate encryption into network protocols [73], apply defensive deception behaviour in ICS [92].…”

“…For example, some authors analyze protocol vulnerabilities [11,21,122], explore the lack of compliance to protocol specifications in different PLCs [29,107] and the feasibility of device fingerprinting [2]. To address security threats some efforts exploit communication patterns for anomalydetection [109,67] However, the effects that one can find at the flow-level remain limited; detecting semantic process changes requires inspection of the application layer. Consequently, some authors propose to parse network protocols for extracting information that can highlight changes to the process environment.…”

Process matters: cyber security in industrial control systems

Supervisory Control and Data Acquisition (SCADA): An Introduction