Distributed Intrusion Detection System for SCADA Protocols [chapter]

Igor Nai Fovino, Marcelo Masera, Michele Guglielmi, Andrea Carcano, Alberto Trombetta
2010 IFIP Advances in Information and Communication Technology

This paper presents an innovative, distributed, multilayer approach for detecting known and unknown attacks on industrial control systems. The approach employs process event correlation, critical state detection and critical state aggregation. The paper also describes a prototype implementation and provides experimental results that validate the intrusion detection approach. Critical infrastructures rely very heavily on information and communications technologies (ICT). These technologies provide features and services such as remote monitoring, remote management, intra-system coordination, inter-system communication and self-orchestration. Unfortunately, critical infrastructure assets are susceptible to a large number of ICT attacks [5, 10]. These attacks can be categorized into two classes. The first class includes traditional ICT attacks that leverage vulnerabilities in general purpose ICT systems; these attacks can be mitigated by adopting ICT countermeasures such as software patches, antivirus software and firewalls. The second class includes industrial system attacks that exploit vulnerabilities specific to industrial ICT systems, e.g., attacks that leverage the lack of authentication and integrity checks in SCADA communication protocols [1].
doi:10.1007/978-3-642-16806-2_7 fatcat:jncqfzgvrjd5taqybfdhziydzy