A SCADA Intrusion Detection Framework That Incorporates Process Semantics
Title | A SCADA Intrusion Detection Framework That Incorporates Process Semantics |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Nivethan, Jeyasingam, Papa, Mauricio |
Conference Name | Proceedings of the 11th Annual Cyber and Information Security Research Conference |
Date Published | April 2016 |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-3752-6 |
Keywords | i-o systems security, i/o systems security, Intrusion detection, io systems security, network intrusion detection, Network security, process monitoring, pubcrawl, SCADA Security, Scalability |
Abstract | SCADA security is an increasingly important research area as these systems, used for process control and automation, are being exposed to the Internet due to their use of TCP/IP protocols as a transport mechanism for control messages. Most of the existing research work on SCADA systems has focused on addressing SCADA security by monitoring attacks or anomalies at the network level. The main issue affecting these systems today is that by focusing our attention on network-level monitoring needs, security practitioners may remain unaware of process-level constraints. The proposed framework helps ensure that a mechanism is in place to help map process-level constraints, as described by process engineers, to network-level monitoring needs. Existing solutions have tried to address this problem but have not been able to fully bridge the gap between the process and the network. The goal of this research is to provide a solution that (i) leverages the knowledge process engineers have about the system (to help strengthen cyber security) and (ii) has the ability to seamlessly monitor process constraints at the network level using standard network security tools. A prototype system for the Modbus TCP protocol and the Bro IDS has been built to validate the approach. |
URL | https://dl.acm.org/doi/10.1145/2897795.2897814 |
DOI | 10.1145/2897795.2897814 |
Citation Key | nivethan_scada_2016 |