The Nuts and Bolts of Deploying Process-Level IDS in Industrial Control Systems
Paper i proceeding, 2018

Much research effort has recently been devoted to securing Industrial Control Systems (ICS) in response to the increasing number of adverse incidents targeting nation-wide critical infrastructures. Leveraging the static and regular nature of the behavior of control systems, various data-driven methods that monitor the process-level network have been proposed as a defensive measure. Although these methods have been evaluated through offline analysis of ICS-related datasets, in absence of documented live experiments in real environments, a complete and global understanding of the applicability and efficiency of process-level monitoring is still lacking.

In this work, we describe our experience of running a fully fledged intrusion detection system in an operational paper factory for 75 days. We discuss the nuts and bolts of running such systems in real environments and underline several practical challenges in meeting ICS-specific requirements. This work essentially aims at bridging the gap between ICS intrusion detection research and practice, and empirically validating the increasingly adopted data-driven approach to process-level monitoring.

Cyber-Physical Systems

Industrial Control Systems

Process-Level Analysis



Intrusion Detection


Magnus Almgren

Chalmers, Data- och informationsteknik, Nätverk och system

Wissam Aoudi

Chalmers, Data- och informationsteknik, Nätverk och system

Robert Gustafsson

Student vid Chalmers

Robin Krahl

Albert-Ludwigs-Universität Freiburg

Andreas Lindhe


Proceedings of the 4th Annual Industrial Control System Security Workshop


Annual Computer Security Applications Conference
San Juan, Puerto Rico,

Säkra IT-system för drift och övervakning av samhällskritisk infrastruktur

Myndigheten för samhällsskydd och beredskap, 2015-09-01 -- 2020-08-31.

Integrated cyber-physical solutions for intelligent distribution grid with high penetration of renewables (UNITED-GRID)

Europeiska kommissionen (Horisont 2020), 2017-11-01 -- 2020-04-30.


Informations- och kommunikationsteknik


Inbäddad systemteknik

Datavetenskap (datalogi)




Mer information

Senast uppdaterat