A SCADA Intrusion Detection Framework That Incorporates Process Semantics

Title: A SCADA Intrusion Detection Framework That Incorporates Process Semantics
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Nivethan, Jeyasingam; Papa, Mauricio
Conference Name: Proceedings of the 11th Annual Cyber and Information Security Research Conference
Date Published: April 2016
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-3752-6
Keywords: i-o systems security, i/o systems security, Intrusion detection, io systems security, network intrusion detection, Network security, process monitoring, pubcrawl, SCADA Security, Scalability
Abstract

SCADA security is an increasingly important research area as these systems, used for process control and automation, are being exposed to the Internet due to their use of TCP/IP protocols as a transport mechanism for control messages. Most of the existing research work on SCADA systems has focused on addressing SCADA security by monitoring attacks or anomalies at the network level. The main issue affecting these systems today is that by focusing our attention on network-level monitoring needs, security practitioners may remain unaware of process level constraints. The proposed framework helps ensure that a mechanism is in place to help map process level constraints, as described by process engineers, to network level monitoring needs. Existing solutions have tried to address this problem but have not been able to fully bridge the gap between the process and the network. The goal of this research is to provide a solution that (i) leverages the knowledge process engineers have about the system (to help strengthen cyber security) and that (ii) has the ability to seamlessly monitor process constraints at the network level using standard network security tools. A prototype system for the Modbus TCP protocol and the Bro IDS has been built to validate the approach.

URL: https://dl.acm.org/doi/10.1145/2897795.2897814
DOI: 10.1145/2897795.2897814
Citation Key: nivethan_scada_2016