Abstract
We present a novel Intrusion Detection System able to detect complex attacks against SCADA systems. By complex attack, we mean a set of commands (carried in Modbus packets) that, while licit when considered in isolation on a single-packet basis, interfere with the correct behavior of the system. The proposed IDS detects such attacks by means of an internal representation of the controlled SCADA system and a corresponding rule language, powerful enough to express the system’s critical states. Furthermore, we detail the implementation and provide experimental comparative results.
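To illustrate the state-based detection the abstract describes, the following is an added example and not the paper's own code: a minimal tracker for Modbus/TCP write-single requests that passes each packet through a per-packet whitelist (what a signature IDS sees) and additionally mirrors it on an internal plant model, evaluating a critical-state rule after every update. The address map, the plant model and the rule are assumptions made for the illustration.

```python
import struct
# Constructed example; the address map, plant model and rule below are assumptions.
WRITE_SINGLE_COIL, WRITE_SINGLE_REGISTER = 0x05, 0x06
PUMP_COIL, VALVE_COIL, PRESSURE_SETPOINT = 1, 2, 10   # assumed address map

def build_frame(fc, addr, value, tid=1, uid=1):
    """Modbus/TCP request: MBAP header (tid, proto 0, length, unit id) + PDU."""
    pdu = struct.pack(">BHH", fc, addr, value)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, uid) + pdu

def parse_frame(frame):
    """Decode a write-single request into (function code, address, value)."""
    length = struct.unpack(">HHHB", frame[:7])[2]
    return struct.unpack(">BHH", frame[7:7 + length - 1][:5])

def packet_is_licit(fc, addr, value):
    """Single-packet check, as a signature IDS would do: whitelisted fc/addr/value."""
    if fc == WRITE_SINGLE_COIL:
        return addr in (PUMP_COIL, VALVE_COIL) and value in (0x0000, 0xFF00)
    return fc == WRITE_SINGLE_REGISTER and addr == PRESSURE_SETPOINT and value <= 12

def apply_to_state(state, fc, addr, value):
    """Mirror the licit command on the IDS's internal representation of the plant."""
    if fc == WRITE_SINGLE_COIL:
        state["coils"][addr] = (value == 0xFF00)
    else:
        state["registers"][addr] = value

def pump_into_closed_valve(s):
    """Critical-state rule (assumed): pump on, outlet valve closed, setpoint above 8 bar."""
    return (s["coils"].get(PUMP_COIL, False) and not s["coils"].get(VALVE_COIL, True)
            and s["registers"].get(PRESSURE_SETPOINT, 0) > 8)

def run_ids(frames, rules=(pump_into_closed_valve,)):
    """Return (packet index, reason) alerts; plant state persists across packets."""
    state, alerts = {"coils": {}, "registers": {}}, []
    for i, raw in enumerate(frames):
        fc, addr, value = parse_frame(raw)
        if not packet_is_licit(fc, addr, value):
            alerts.append((i, "illicit packet"))
            continue
        apply_to_state(state, fc, addr, value)
        alerts.extend((i, rule.__name__) for rule in rules if rule(state))
    return alerts

# Constructed sequence: each write is licit alone; the last one reaches the critical state.
SEQUENCE = [build_frame(WRITE_SINGLE_COIL, VALVE_COIL, 0xFF00),
            build_frame(WRITE_SINGLE_REGISTER, PRESSURE_SETPOINT, 10),
            build_frame(WRITE_SINGLE_COIL, PUMP_COIL, 0xFF00),
            build_frame(WRITE_SINGLE_COIL, VALVE_COIL, 0x0000)]
```

The per-packet whitelist accepts all four frames; only the stateful rule raises an alert, and only on the fourth one.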
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Carcano, A., Fovino, I.N., Masera, M., Trombetta, A. (2010). State-Based Network Intrusion Detection Systems for SCADA Protocols: A Proof of Concept. In: Rome, E., Bloomfield, R. (eds) Critical Information Infrastructures Security. CRITIS 2009. Lecture Notes in Computer Science, vol 6027. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14379-3_12
DOI: https://doi.org/10.1007/978-3-642-14379-3_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14378-6
Online ISBN: 978-3-642-14379-3