The Nuts and Bolts of Deploying Process-Level IDS in Industrial Control Systems
Paper in proceeding, 2018

Much research effort has recently been devoted to securing Industrial Control Systems (ICS) in response to the increasing number of adverse incidents targeting nation-wide critical infrastructures. Leveraging the static and regular nature of the behavior of control systems, various data-driven methods that monitor the process-level network have been proposed as a defensive measure. Although these methods have been evaluated through offline analysis of ICS-related datasets, in the absence of documented live experiments in real environments, a complete and global understanding of the applicability and efficiency of process-level monitoring is still lacking.

In this work, we describe our experience of running a fully fledged intrusion detection system in an operational paper factory for 75 days. We discuss the nuts and bolts of running such systems in real environments and underline several practical challenges in meeting ICS-specific requirements. This work essentially aims at bridging the gap between ICS intrusion detection research and practice, and empirically validating the increasingly adopted data-driven approach to process-level monitoring.

Process-Level Analysis

Cyber-Physical Systems

Industrial Control Systems

Intrusion Detection




Magnus Almgren

Chalmers, Computer Science and Engineering, Networks and Systems

Wissam Aoudi

Chalmers, Computer Science and Engineering, Networks and Systems

Robert Gustafsson

Student at Chalmers

Robin Krahl

Albert-Ludwigs-Universität Freiburg

Andreas Lindhe


ACM International Conference Proceeding Series

978-1-4503-6220-7 (ISBN)

Annual Computer Security Applications Conference
San Juan, Puerto Rico,

Secure IT systems for operation and monitoring of critical infrastructure

Swedish Civil Contingencies Agency (2015-828), 2015-09-01 -- 2020-08-31.

Integrated cyber-physical solutions for intelligent distribution grid with high penetration of renewables (UNITED-GRID)

European Commission (EU) (EC/H2020/773717), 2017-11-01 -- 2020-04-30.


Information and Communication Technology


Embedded Systems

Computer Science



