HAMIDS: Hierarchical Monitoring Intrusion Detection System for Industrial Control Systems
Title | HAMIDS: Hierarchical Monitoring Intrusion Detection System for Industrial Control Systems |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Ghaeini, Hamid Reza, Tippenhauer, Nils Ole |
Conference Name | Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy |
Date Published | October 2016 |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4568-2 |
Keywords | composability, compositionality, ethernet/ip, Human Behavior, ICS Anomaly Detection, IDS, Intrusion detection, Intrusion Detection System (IDS), Intrusion Detection Systems, pubcrawl, Resiliency, SCADA, SCADA Systems Security |
Abstract | In this paper, we propose a hierarchical monitoring intrusion detection system (HAMIDS) for industrial control systems (ICS). The HAMIDS framework detects the anomalies in both level 0 and level 1 of an industrial control plant. In addition, the framework aggregates the cyber-physical process data in one point for further analysis as part of the intrusion detection process. The novelty of this framework is its ability to detect anomalies that have a distributed impact on the cyber-physical process. The performance of the proposed framework was evaluated as part of SWaT security showdown (S3) in which six international teams were invited to test the framework in a real industrial control system. The proposed framework outperformed other proposed academic IDS in terms of detection of ICS threats during the S3 event, which was held from July 25-29, 2016 at Singapore University of Technology and Design. |
URL | https://dl.acm.org/doi/10.1145/2994487.2994492 |
DOI | 10.1145/2994487.2994492 |
Citation Key | ghaeini_hamids:_2016 |