论文信息 - Modbus/DNP3 State-Based Intrusion Detection System

Modbus/DNP3 State-Based Intrusion Detection System

The security of Industrial Critical Infrastructures is become a prominent problem with the advent of modern ICT technologies used to improve the performances and the features of the SCADA systems. In this paper we present an innovative approach to the design of Intrusion Detection Systems. The aim is to be able to detect complex attacks to SCADA systems, by monitoring its state evolution. By complex attack, we mean attacks composed of a set of commands that, while licit when considered in isolation on a single-packet basis, can disrupt the correct behavior of the system when executed in particular operating states. The proposed IDS detects these complex attacks thanks to an internal representation of the controlled SCADA system. We also present the corresponding rule language powerful enough to express the system’s critical states. Furthermore, we present a prototype of the proposed IDS, able to monitor systems using the ModBus and DNP3 communication protocols.

[1] Nai Fovino Igor,et al. Modelling Information Assets for Security Risk Assessment in Industrial Settings , 2006 .

[2] Frédéric Cuppens,et al. Alert correlation in a cooperative intrusion detection framework , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[3] Somesh Jha,et al. Global Intrusion Detection in the DOMINO Overlay System , 2004, NDSS.

[4] Nai Fovino Igor,et al. A Service Oriented Approach to the Assessment of Infrastructure Security , 2007 .

[5] Philip Gross,et al. Secure "selecticast" for collaborative intrusion detection systems , 2004, ICSE 2004.

[6] Peng Ning,et al. Constructing attack scenarios through correlation of intrusion alerts , 2002, CCS '02.

[7] Dorothy E. Denning,et al. An Intrusion-Detection Model , 1986, 1986 IEEE Symposium on Security and Privacy.

[8] Martin Roesch,et al. Snort - Lightweight Intrusion Detection for Networks , 1999 .

[9] Igor Nai Fovino,et al. Scada Malware, a Proof of Concept , 2008, CRITIS.

[10] Masera Marcelo,et al. Models for Security Assessment and Management , 2006 .

[11] Igor Nai Fovino,et al. Effects of intentional threats to power substation control systems , 2008, Int. J. Crit. Infrastructures.

[12] Igor Nai Fovino,et al. Emergent Disservices in Interdependent Systems and System-of-Systems , 2006, 2006 IEEE International Conference on Systems, Man and Cybernetics.