论文信息 - SCADA Intrusion Detection Based on Modelling of Allowed Communication Patterns

SCADA Intrusion Detection Based on Modelling of Allowed Communication Patterns

This work presents a network intrusion detection system (NIDS) for SCADA developed as an extension to Snort NIDS, a popular open-source solution targeted at intrusion detection in Internet. The concept of anomaly-based intrusion detection and its applicability in the specific situation of industrial network traffic is discussed. The idea of modelling allowed communication patterns for Modbus RTU protocol is explained and the system concept, utilising n-gram analysis of packet contents, statistical analysis of selected packet features and a Bayesian Network as data fusion component is presented. The implementation details are outlined, including the concept of building the system as a preprocessor for the Snort NIDS. The chapter is concluded by results of test conducted in simulated environment.

Wojciech Tylman

[1] Wojciech Tylman. Anomaly-Based Intrusion Detection Using Bayesian Networks , 2008, 2008 Third International Conference on Dependability of Computer Systems DepCoS-RELCOMEX.

[2] Alfonso Valdes,et al. Communication pattern anomaly detection in process control systems , 2009, 2009 IEEE Conference on Technologies for Homeland Security.

[3] Salvatore J. Stolfo,et al. Anomalous Payload-Based Network Intrusion Detection , 2004, RAID.

[4] Alfonso Valdes,et al. Intrusion Monitoring in Process Control Systems , 2009 .

[5] Ulf Lindqvist,et al. Using Model-based Intrusion Detection for SCADA Networks , 2006 .

[6] Wojciech Tylman. Native Support for Modbus RTU Protocol in Snort Intrusion Detection System , 2013, DepCoS-RELCOMEX.

[7] Judea Pearl,et al. Probabilistic reasoning in intelligent systems - networks of plausible inference , 1991, Morgan Kaufmann series in representation and reasoning.

[8] Hans-Peter Kriegel,et al. Clustering high-dimensional data: A survey on subspace clustering, pattern-based clustering, and correlation clustering , 2009, TKDD.