The Nuts and Bolts of Deploying Process-Level IDS in Industrial Control Systems
Paper i proceeding, 2018
Much research effort has recently been devoted to securing Industrial Control Systems (ICS) in response to the increasing number of adverse incidents targeting nation-wide critical infrastructures. Leveraging the static and regular nature of the behavior of control systems, various data-driven methods that monitor the process-level network have been proposed as a defensive measure. Although these methods have been evaluated through offline analysis of ICS-related datasets, in absence of documented live experiments in real environments, a complete and global understanding of the applicability and efficiency of process-level monitoring is still lacking.
In this work, we describe our experience of running a fully fledged intrusion detection system in an operational paper factory for 75 days. We discuss the nuts and bolts of running such systems in real environments and underline several practical challenges in meeting ICS-specific requirements. This work essentially aims at bridging the gap between ICS intrusion detection research and practice, and empirically validating the increasingly adopted data-driven approach to process-level monitoring.
In this work, we describe our experience of running a fully fledged intrusion detection system in an operational paper factory for 75 days. We discuss the nuts and bolts of running such systems in real environments and underline several practical challenges in meeting ICS-specific requirements. This work essentially aims at bridging the gap between ICS intrusion detection research and practice, and empirically validating the increasingly adopted data-driven approach to process-level monitoring.
Process-Level Analysis
Cyber-Physical Systems
Industrial Control Systems
Intrusion Detection
PASAD
Deployment
Författare
Magnus Almgren
Chalmers, Data- och informationsteknik, Nätverk och system
Wissam Aoudi
Chalmers, Data- och informationsteknik, Nätverk och system
Robert Gustafsson
Student vid Chalmers
Robin Krahl
Albert-Ludwigs-Universität Freiburg
Andreas Lindhe
Combitech
ACM International Conference Proceeding Series
17-24
978-1-4503-6220-7 (ISBN)
Annual Computer Security Applications Conference
San Juan, Puerto Rico,
San Juan, Puerto Rico,
Säkra IT-system för drift och övervakning av samhällskritisk infrastruktur
Myndigheten för samhällsskydd och beredskap (2015-828), 2015-09-01 -- 2020-08-31.
Integrated cyber-physical solutions for intelligent distribution grid with high penetration of renewables (UNITED-GRID)
Europeiska kommissionen (EU) (EC/H2020/773717), 2017-11-01 -- 2020-04-30.
Styrkeområden
Informations- och kommunikationsteknik
Ämneskategorier
Inbäddad systemteknik
Datavetenskap (datalogi)
Datorsystem
DOI
10.1145/3295453.3295456