Distributed Intrusion Detection System for SCADA Protocols

This paper presents an innovative, distributed, multilayer approach for detecting known and unknown attacks on industrial control systems. The approach employs process event correlation, critical state detection and critical state aggregation. The paper also describes a prototype implementation and provides experimental results that validate the intrusion detection approach.
