State-based Network Intrusion Detection Systems for SCADA Protocols, a Proof of Concept
We present a novel Intrusion Detection System able to detect
complex attacks on SCADA systems. By complex attack, we mean a set of
commands (carried in Modbus packets) that, while licit when considered
in isolation on a single-packet basis, interfere with the correct behavior of
the system. The proposed IDS detects such attacks thanks to an internal
representation of the controlled SCADA system and a corresponding
rule language, powerful enough to express the system's critical states.
Furthermore, we detail the implementation and provide experimental
comparative results.
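The following is an added illustration of the idea in the abstract, not the paper's implementation or its rule language: the monitor keeps a virtual image of the plant, updates it from each Modbus/TCP write request, and alerts when the combined state matches a critical-state rule. The coil and register addresses, the rule, and the sample frames are constructed assumptions.

```python
import struct

# Hypothetical plant layout (assumption, not from the paper):
# coil 1 = inlet valve open, coil 2 = relief valve open, register 10 = pump speed (%).
RULE = "inlet open, relief closed, pump > 80%"
CRITICAL_RULES = {
    RULE: lambda s: s["coil", 1] and not s["coil", 2] and s["reg", 10] > 80,
}

def build_adu(tid, unit, func, addr, value):
    """Build a Modbus/TCP request: Write Single Coil (0x05) or Register (0x06)."""
    pdu = struct.pack(">BHH", func, addr, value)
    # MBAP header: transaction id, protocol id (0), length (unit id + PDU), unit id.
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def apply_frame(state, adu):
    """Update the virtual system image from one write request.
    Returns False for malformed frames and functions this sketch does not track.
    Simplification: the request is assumed to succeed on the device."""
    if len(adu) != 12:
        return False
    _tid, proto, length, _unit, func, addr, value = struct.unpack(">HHHBBHH", adu)
    if proto != 0 or length != len(adu) - 6:
        return False
    if func == 0x05 and value in (0xFF00, 0x0000):
        state["coil", addr] = (value == 0xFF00)
    elif func == 0x06:
        state["reg", addr] = value
    else:
        return False
    return True

def monitor(frames, initial):
    """Replay frames against a copy of the initial state; return (index, rule) alerts."""
    state, alerts = dict(initial), []
    for i, adu in enumerate(frames):
        if apply_frame(state, adu):
            alerts += [(i, name) for name, rule in CRITICAL_RULES.items() if rule(state)]
    return alerts

# Constructed sample: each write is licit on its own; together they reach the critical state.
INITIAL = {("coil", 1): False, ("coil", 2): True, ("reg", 10): 40}
FRAMES = [
    build_adu(1, 1, 0x06, 10, 90),      # pump speed -> 90%
    build_adu(2, 1, 0x05, 1, 0xFF00),   # open inlet valve
    build_adu(3, 1, 0x05, 2, 0x0000),   # close relief valve
]

if __name__ == "__main__":
    print(monitor(FRAMES, INITIAL))
```

Replaying any one of the three frames alone against the initial state raises no alert; only the sequence does, which is the case a single-packet signature cannot see.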
Authors: NAI FOVINO Igor; CARCANO Andrea; MASERA Marcelo; TROMBETTA Alberto
Date: 2011-01-18
Publisher: Springer
JRC ID: JRC53580
ISSN: 0302-9743
URL: https://publications.jrc.ec.europa.eu/repository/handle/JRC53580
DOI: 10.1007/978-3-642-14379-3