Title: Modbus/DNP3 State-based Intrusion Detection System
Citation: Proceedings of the 24th IEEE International Conference on Advanced Information Networking and Applications p. 729-736
Publisher: IEEE Computer Society
Publication Year: 2010
JRC N°: JRC56496
URI: http://publications.jrc.ec.europa.eu/repository/handle/JRC56496
DOI: 10.1109/AINA.2010.86
Type: Articles in periodicals and books
Abstract: The security of SCADA systems is one of the most pressing subjects in industrial systems, and particularly in critical infrastructures. In this paper we present an innovative approach to the design of Intrusion Detection Systems based on the state of the system being monitored. The aim is to be able to detect complex attacks on SCADA systems. By complex attack, we mean attacks composed of a set of commands that, while licit when considered in isolation on a single-packet basis, can disrupt the correct behavior of the system when executed in particular operating states. The proposed IDS detects these complex attacks thanks to an internal representation of the controlled SCADA system. We also present the corresponding rule language, powerful enough to express the system's critical states. Furthermore, we detail the design of the architecture of the IDS for systems using the ModBus and DNP3 protocols, and the implementation of a prototype; we then provide experimental comparative results that confirm the validity of the proposed approach.
JRC Directorate: Space, Security and Migration
