Using Model-based Intrusion Detection for SCADA Networks

Authors: Bruno Dutertre, Steven Cheung, Martin Fong, Alfonso Valdes, Ulf Lindqvist

Abstract: In a model-based intrusion detection approach for protecting SCADA networks, we construct models that characterize the expected/acceptable behavior of the system, and detect attacks that cause violations of these models. Process control networks tend to have static topologies, regular traffic patterns, and a limited number of applications and protocols running on them. Thus, we believe that such monitoring, which has the potential for detecting unknown attacks, is more feasible for them than for general enterprise networks. To this end, we describe three techniques we developed and a prototype implementation of them for monitoring Modbus TCP
