State-Based Network Intrusion Detection Systems for SCADA Protocols: A Proof of Concept

Authors: Andrea Carcano, Igor Nai Fovino, Marcelo Masera, Alberto Trombetta

DOI: 10.1007/978-3-642-14379-3_12

Keywords:

Abstract: We present a novel Intrusion Detection System able to detect complex attacks against SCADA systems. By attack, we mean a set of commands (carried in Modbus packets) that, while licit when considered in isolation on a single-packet basis, interfere with the correct behavior of the system. The proposed IDS detects such attacks thanks to an internal representation of the controlled system and a corresponding rule language, powerful enough to express the system's critical states. Furthermore, we detail the implementation and provide experimental comparative results.
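The following is an added illustration of the detection principle the abstract describes, not the paper's own implementation: a minimal Modbus/TCP state tracker that applies each write to a virtual copy of the PLC state and checks that state against a critical-state rule after every packet. The coil and register addresses, the "pump/valve" meaning assigned to them and the rule itself are constructed for the example.

```python
import struct

class ModbusStateIDS:
    """Mirrors the state a Modbus master drives a PLC into and evaluates
    critical-state rules after each write (assumed model, not the paper's)."""

    def __init__(self, coils, registers, rules):
        self.coils = dict(coils)          # coil address -> bool
        self.registers = dict(registers)  # holding register address -> int
        self.rules = rules                # list of (name, predicate(coils, registers))

    def apply(self, frame):
        """Parse one Modbus/TCP frame (7-byte MBAP header + PDU), update the
        virtual state and return the names of rules now satisfied. Only
        Write Single Coil (0x05) and Write Single Register (0x06) are modelled."""
        if len(frame) < 8:
            raise ValueError("truncated MBAP header")
        tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
        if pid != 0 or length != len(frame) - 6:
            raise ValueError("bad MBAP header")
        fc = frame[7]
        if fc in (0x05, 0x06):
            addr, val = struct.unpack(">HH", frame[8:12])
            if fc == 0x05:
                self.coils[addr] = (val == 0xFF00)   # 0xFF00 = ON, 0x0000 = OFF
            else:
                self.registers[addr] = val
        return [name for name, pred in self.rules if pred(self.coils, self.registers)]

def write_coil(addr, on, tid=1):
    """Build a constructed Write Single Coil request (unit id 1)."""
    pdu = struct.pack(">BHH", 0x05, addr, 0xFF00 if on else 0x0000)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, 1) + pdu

def write_register(addr, val, tid=1):
    """Build a constructed Write Single Register request (unit id 1)."""
    pdu = struct.pack(">BHH", 0x06, addr, val)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, 1) + pdu

# Constructed critical state: coil 1 (pump) running while register 0
# (discharge valve opening, percent) is fully closed.
RULES = [("pump_on_valve_closed",
          lambda c, r: c.get(1, False) and r.get(0, 100) == 0)]

def run_scenario():
    """Two packets that are each licit alone but whose sequence reaches the
    critical state; returns the alert list produced after each packet."""
    ids = ModbusStateIDS(coils={1: False}, registers={0: 100}, rules=RULES)
    return [ids.apply(pkt) for pkt in (write_coil(1, True), write_register(0, 0))]
```

A per-packet signature check sees two well-formed writes and stays silent; only the state model, which remembers that the pump was switched on before the valve was closed, raises the alert on the second packet.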
