The Nuts and Bolts of Deploying Process-Level IDS in Industrial Control Systems
Paper in proceeding, 2018

Much research effort has recently been devoted to securing Industrial Control Systems (ICS) in response to the increasing number of adverse incidents targeting nation-wide critical infrastructures. Leveraging the static and regular nature of the behavior of control systems, various data-driven methods that monitor the process-level network have been proposed as a defensive measure. Although these methods have been evaluated through offline analysis of ICS-related datasets, in absence of documented live experiments in real environments, a complete and global understanding of the applicability and efficiency of process-level monitoring is still lacking.

In this work, we describe our experience of running a fully fledged intrusion detection system in an operational paper factory for 75 days. We discuss the nuts and bolts of running such systems in real environments and underline several practical challenges in meeting ICS-specific requirements. This work essentially aims at bridging the gap between ICS intrusion detection research and practice, and empirically validating the increasingly adopted data-driven approach to process-level monitoring.

Process-Level Analysis

Cyber-Physical Systems

Industrial Control Systems

Intrusion Detection

PASAD

Deployment

Author

Magnus Almgren

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Wissam Aoudi

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Robert Gustafsson

Student at Chalmers

Robin Krahl

University of Freiburg

Andreas Lindhe

Combitech

ACM International Conference Proceeding Series

17-24
978-1-4503-6220-7 (ISBN)

Annual Computer Security Applications Conference
San Juan, Puerto Rico,

Resilient Information and Control Systems (RICS)

Swedish Civil Contingencies Agency (2015-828), 2015-09-01 -- 2020-08-31.

Integrated cyber-physical solutions for intelligent distribution grid with high penetration of renewables (UNITED-GRID)

European Commission (EC) (EC/H2020/773717), 2017-11-01 -- 2020-04-30.

Areas of Advance

Information and Communication Technology

Subject Categories

Embedded Systems

Computer Science

Computer Systems

DOI

10.1145/3295453.3295456

More information

Latest update

3/21/2023