Modeling Message Sequences for Intrusion Detection in Industrial Control Systems - Critical Infrastructure Protection IX
Conference Papers Year : 2015

Modeling Message Sequences for Intrusion Detection in Industrial Control Systems

Abstract

Compared with standard information technology systems, industrial control systems show more consistent and regular communications patterns. This characteristic contributes to the stability of controlled processes in critical infrastructures such as power plants, electric grids and water treatment facilities. However, Stuxnet has demonstrated that skilled attackers can strike critical infrastructures by leveraging knowledge about these processes. Sequence attacks subvert infrastructure operations by sending misplaced industrial control system messages. This chapter discusses four main sequence attack scenarios against industrial control systems. Real Modbus, Manufacturing Message Specification and IEC 60870-5-104 traffic samples were used to test sequencing and modeling techniques for describing industrial control system communications. The models were then evaluated to verify the feasibility of identifying sequence attacks. The results create the foundation for developing “sequence-aware” intrusion detection systems.
Fichier principal
Vignette du fichier
978-3-319-26567-4_4_Chapter.pdf (3.13 Mo) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01431013 , version 1 (10-01-2017)

Licence

Identifiers

Cite

Marco Caselli, Emmanuele Zambon, Jonathan Petit, Frank Kargl. Modeling Message Sequences for Intrusion Detection in Industrial Control Systems. 9th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2015, Arlington, VA, United States. pp.49-71, ⟨10.1007/978-3-319-26567-4_4⟩. ⟨hal-01431013⟩
246 View
438 Download

Altmetric

Share

More