Title: State-based Network Intrusion Detection Systems for SCADA Protocols, a Proof of Concept
Citation: Lecture Notes in Computer Science - Critical Information Infrastructures Security vol. 6027 p. 138-150
Publisher: Springer
Publication Year: 2010
JRC N°: JRC53580
ISSN: 0302-9743
URI: http://publications.jrc.ec.europa.eu/repository/handle/JRC53580
DOI: 10.1007/978-3-642-14379-3
Type: Articles in periodicals and books
Abstract: We present a novel Intrusion Detection System able to detect complex attacks to SCADA systems. By complex attack, we mean a set of commands (carried in Modbus packets) that, while licit when considered in isolation on a single-packet basis, interfere with the correct behavior of the system. The proposed IDS detects such attacks thanks to an internal representation of the controlled SCADA system and a corresponding rule language, powerful enough to express the system's critical states. Furthermore, we detail the implementation and provide experimental comparative results.
JRC Directorate:Space, Security and Migration

Files in This Item:
There are no files associated with this item.

Items in repository are protected by copyright, with all rights reserved, unless otherwise indicated.