Process-Aware Model-based Intrusion Detection System on Filtering Approach: Further Investigations

Against emerging cyber-threats targeting Industrial Control Systems (ICSs), Intrusion Detection Systems (IDSs) have emerged as viable solutions that implement signature or behavioural approaches. The Security Approach based on Filter Execution (S.A.F.E.), a process-aware model-based IDS, deploys detection mechanisms by implementing command and report filters close to the process under control. Building on the S.A.F.E. approach, this paper proposes improvements and novel contributions: a model of the report filter, optimization algorithms for speeding up the computation of the detection indicators, and an implementation on a real testbed.
