State-Based Network Intrusion Detection Systems for SCADA Protocols: A Proof of Concept

  • Andrea Carcano
  • Igor Nai Fovino
  • Marcelo Masera
  • Alberto Trombetta
Conference paper

DOI: 10.1007/978-3-642-14379-3_12

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6027)
Cite this paper as:
Carcano A., Fovino I.N., Masera M., Trombetta A. (2010) State-Based Network Intrusion Detection Systems for SCADA Protocols: A Proof of Concept. In: Rome E., Bloomfield R. (eds) Critical Information Infrastructures Security. CRITIS 2009. Lecture Notes in Computer Science, vol 6027. Springer, Berlin, Heidelberg

Abstract

We present a novel Intrusion Detection System able to detect complex attacks to SCADA systems. By complex attack, we mean a set of commands (carried in Modbus packets) that, while licit when considered in isolation on a single-packet basis, interfere with the correct behavior of the system. The proposed IDS detects such attacks thanks to an internal representation of the controlled SCADA system and a corresponding rule language, powerful enough to express the system’s critical states. Furthermore, we detail the implementation and provide experimental comparative results.

Keywords

Security SCADA systems critical infrastructures IDS 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Andrea Carcano
    • 2
  • Igor Nai Fovino
    • 1
  • Marcelo Masera
    • 1
  • Alberto Trombetta
    • 2
  1. 1.Joint Research CentreInstitute for the Protection and Security of the CitizenIspraItaly
  2. 2.University of InsubriaVareseItaly

Personalised recommendations