Conference papers

Modeling Message Sequences for Intrusion Detection in Industrial Control Systems

Abstract : Compared with standard information technology systems, industrial control systems show more consistent and regular communications patterns. This characteristic contributes to the stability of controlled processes in critical infrastructures such as power plants, electric grids and water treatment facilities. However, Stuxnet has demonstrated that skilled attackers can strike critical infrastructures by leveraging knowledge about these processes. Sequence attacks subvert infrastructure operations by sending misplaced industrial control system messages. This chapter discusses four main sequence attack scenarios against industrial control systems. Real Modbus, Manufacturing Message Specification and IEC 60870-5-104 traffic samples were used to test sequencing and modeling techniques for describing industrial control system communications. The models were then evaluated to verify the feasibility of identifying sequence attacks. The results create the foundation for developing “sequence-aware” intrusion detection systems.
Document type : Conference papers

Cited literature [16 references]
Contributor : Hal Ifip
Submitted on : Tuesday, January 10, 2017 - 2:56:20 PM
Last modification on : Monday, June 15, 2020 - 1:38:03 PM
Long-term archiving on : Tuesday, April 11, 2017 - 3:18:28 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Marco Caselli, Emmanuele Zambon, Jonathan Petit, Frank Kargl. Modeling Message Sequences for Intrusion Detection in Industrial Control Systems. 9th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2015, Arlington, VA, United States. pp.49-71, ⟨10.1007/978-3-319-26567-4_4⟩. ⟨hal-01431013⟩


