Model based rules generation for Intrusion Detection System for industrial systems

The security of cyber-physical systems (CPS) is a major concern, and intrusion detection systems (IDS) are used to ensure this security. Model-based IDSs rely on the CPS model to detect abnormal behaviors. In this article, a model-based IDS rule generator is proposed, which converts a system model into anomaly-based IDS rules. In addition, the effectiveness of the generated rules is proven by a case study.
