On Cyber Attacks and Signature Based Intrusion Detection for Modbus Based Industrial Control Systems

Gao, Wei; Morris, Thomas H.

doi:10.15394/jdfsl.2014.1162

Cited by 47 publications

(33 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, an urgent growing concern has emerged for protecting control systems against attacks launched in cyberspace. To detect such attacks, one can rely on the profile of anomaly patterns [30]- [33]. As an example, Carcano et al [30] proposed an intrusion detection method for SCADA system based on tracking the so-called critical states that correspond to dangerous or unwanted situations in the monitored system.…”

Section: Related Workmentioning

confidence: 99%

Detecting cyberattacks in industrial control systems using online learning algorithms

Shen

Zhao

et al. 2019

Neurocomputing

View full text Add to dashboard Cite

Industrial control systems are critical to the operation of industrial facilities, especially for critical infrastructures, such as refineries, power grids, and transportation systems. Similar to other information systems, a significant threat to industrial control systems is the attack from cyberspace-the offensive maneuvers launched by "anonymous" in the digital world that target computer-based assets with the goal of compromising a system's functions or probing for information. Owing to the importance of industrial control systems, and the possibly devastating consequences of being attacked, significant endeavors have been attempted to secure industrial control systems from cyberattacks. Among them are intrusion detection systems that serve as the first line of defense by monitoring and reporting potentially malicious activities. Classical machine-learning-based intrusion detection methods usually generate prediction models by learning modest-sized training samples all at once. Such approach is not always applicable to industrial control systems, as industrial control systems must process continuous control commands with limited computational resources in a nonstop way. To satisfy such requirements, we propose using online learning to learn prediction models from the controlling data stream. We introduce several state-of-the-art online learning algorithms categorically, and illustrate their efficacies on two typically used testbeds-power system and gas pipeline. Further, we explore a new cost-sensitive online learning algorithm to solve the class-imbalance problem that is pervasive in industrial intrusion detection systems. Our experimental results indicate that the proposed algorithm can achieve an overall improvement in the detection rate of cyberattacks in industrial control systems.

show abstract

Section: Related Workmentioning

confidence: 99%

Detecting cyberattacks in industrial control systems using online learning algorithms

Shen

Zhao

et al. 2019

Neurocomputing

View full text Add to dashboard Cite

show abstract

“…A summary of the related work is listed in Table 1. There are reviews addressing the chal- Scientific Work Reviews [19,27] Graph-based methods [2,12,13,36,37,41,42] Graph-based and time-sensitive methods [1,45] Machine learning-based [6,14,32] Statistical processes [33,44,48,50] Wavelet analysis [25,31,35] Industrial Intrusion Detection [3,15,18,20,23,28,34,38,39,46] lenge of anomaly detection for intrusion detection. García-Teodoro et al address the challenges of this field of work while presenting techniques and systems [19].…”

Section: Related Workmentioning

confidence: 99%

Using Temporal and Topological Features for Intrusion Detection in Operational Networks

Antón¹,

Fraunholz²,

Schotten³

2019

Proceedings of the 14th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Until two decades ago, industrial networks were deemed secure due to physical separation from public networks. An abundance of successful attacks proved that assumption wrong. Intrusion detection solutions for industrial application need to meet certain requirements that differ from home-and office-environments, such as working without feedback to the process and compatibility with legacy systems. Industrial systems are commonly used for several decades, updates are often difficult and expensive. Furthermore, most industrial protocols do not have inherent authentication or encryption mechanisms, allowing for easy lateral movement of an intruder once the perimeter is breached. In this work, an algorithm for motif discovery in time series, Matrix Profiles, is used to detect outliers in the timing behaviour of an industrial process. This process was monitored in an experimental environment, containing ground truth labels after attacks were performed. Furthermore, the graph representations of a different industrial data set that has been emulated are used to detect malicious activities. These activities can be derived from anomalous communication patterns, represented as edges in the graph. Finally, an integration concept for both methods is proposed.• Security and privacy → Intrusion detection systems; Network security; • Theory of computation → Design and analysis of algorithms; • Applied computing → Enterprise architectures.

show abstract

“…One-Class Support Vector Machine (OCSVM) as a machine learning algorithm to detect novel and unknown attacks is presented by Maglaras and Jiang [23]. Approaches to detect attacks in Modbus data with the help of signatures is presented by Gao and Morris [12]. The security of future industrial applications with the integration of the IIoT is addressed by Plaga et al [28,29].…”

Section: Related Workmentioning

confidence: 99%

Security in Process

Antón

Lohfink

Garth

et al. 2019

Proceedings of the Third Central European Cybersecurity Conference

View full text Add to dashboard Cite

Due to the fourth industrial revolution, industrial applications make use of the progress in communication and embedded devices. This allows industrial users to increase efficiency and manageability while reducing cost and effort. Furthermore, the fourth industrial revolution, creating the so-called Industry 4.0, opens a variety of novel use and business cases in the industrial environment. However, this progress comes at the cost of an enlarged attack surface of industrial companies. Operational networks that have previously been phyiscally separated from public networks are now connected in order to make use of new communication capabilites. This motivates the need for industrial intrusion detection solutions that are compatible to the long-term operation machines in industry as well as the heterogeneous and fast-changing networks. In this work, process data is analysed. The data is created and monitored on real-world hardware. After a set up phase, attacks are introduced into the systems that influence the process behaviour. A time series-based anomaly detection approach, the Matrix Profiles, are adapted to the specific needs and applied to the intrusion detection.The results indicate an applicability of these methods to detect attacks in the process behaviour. Furthermore, they are easily integrated into existing process environments. Additionally, one-class classifiers One-Class Support Vector Machines and Isolation Forest are applied to the data without a notion of timing. While Matrix Profiles perform well in terms of creating and visualising results, the one-class classifiers perform poorly. CCS CONCEPTS• Security and privacy → Intrusion detection systems; Network security.

show abstract

On Cyber Attacks and Signature Based Intrusion Detection for Modbus Based Industrial Control Systems

Cited by 47 publications

References 18 publications

Detecting cyberattacks in industrial control systems using online learning algorithms

Detecting cyberattacks in industrial control systems using online learning algorithms

Using Temporal and Topological Features for Intrusion Detection in Operational Networks

Security in Process

Contact Info

Product

Resources

About