Modeling Message Sequences for Intrusion Detection in Industrial Control Systems

Abstract: Compared with standard information technology systems, industrial control systems show more consistent and regular communication patterns. This characteristic contributes to the stability of controlled processes in critical infrastructures such as power plants, electric grids and water treatment facilities. However, Stuxnet has demonstrated that skilled attackers can strike critical infrastructures by leveraging knowledge about these processes. Sequence attacks subvert infrastructure operations by sending misplaced industrial control system messages. This chapter discusses four main sequence attack scenarios against industrial control systems. Real Modbus, Manufacturing Message Specification and IEC 60870-5-104 traffic samples were used to test sequencing and modeling techniques for describing industrial control system communications. The models were then evaluated to verify the feasibility of identifying sequence attacks. The results create the foundation for developing “sequence-aware” intrusion detection systems.
Document type:
Conference paper
Mason Rice; Sujeet Shenoi. 9th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2015, Arlington, VA, United States. IFIP Advances in Information and Communication Technology, AICT-466, pp.49-71, 2015, Critical Infrastructure Protection IX. 〈10.1007/978-3-319-26567-4_4〉

Cited literature [16 references]

https://hal.inria.fr/hal-01431013
Contributor: Hal Ifip
Submitted on: Tuesday, January 10, 2017 - 14:56:20
Last modified on: Wednesday, January 11, 2017 - 14:28:58
Document(s) archived on: Tuesday, April 11, 2017 - 15:18:28

File

978-3-319-26567-4_4_Chapter.pd...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Marco Caselli, Emmanuele Zambon, Jonathan Petit, Frank Kargl. Modeling Message Sequences for Intrusion Detection in Industrial Control Systems. Mason Rice; Sujeet Shenoi. 9th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2015, Arlington, VA, United States. IFIP Advances in Information and Communication Technology, AICT-466, pp.49-71, 2015, Critical Infrastructure Protection IX. 〈10.1007/978-3-319-26567-4_4〉. 〈hal-01431013〉
