Reading Between the Fields: Practical, Effective Intrusion Detection for Industrial Control Systems

Title: Reading Between the Fields: Practical, Effective Intrusion Detection for Industrial Control Systems
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Yüksel, Ömer; den Hartog, Jerry; Etalle, Sandro
Conference Name: Proceedings of the 31st Annual ACM Symposium on Applied Computing
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-3739-7
Keywords: anomaly detection, ICS Anomaly Detection, IDS, industrial control systems, intrusion detection system, Intrusion Detection Systems, Metrics, network control systems, network control systems security, network intrusion detection, networked control systems, pubcrawl, Resiliency, Scalability, security
Abstract

Detection of previously unknown attacks and malicious messages is a challenging problem faced by modern network intrusion detection systems. Anomaly-based solutions, despite being able to detect unknown attacks, have not been used often in practice due to their high false positive rate, and because they provide little actionable information to the security officer in case of an alert. In this paper we focus on intrusion detection in industrial control system networks and we propose an innovative, practical and semantics-aware framework for anomaly detection. The network communication model and alerts generated by our framework are user-understandable, making them much easier to manage. At the same time the framework exhibits an excellent trade-off between detection rate and false positive rate, which we show by comparing it with two existing payload-based anomaly detection methods on several ICS datasets.

URL: http://doi.acm.org/10.1145/2851613.2851799
DOI: 10.1145/2851613.2851799
Citation Key: yuksel_reading_2016