Distributed Intrusion Detection System for SCADA Protocols
Cite this paper as: Fovino I.N., Masera M., Guglielmi M., Carcano A., Trombetta A. (2010) Distributed Intrusion Detection System for SCADA Protocols. In: Moore T., Shenoi S. (eds) Critical Infrastructure Protection IV. ICCIP 2010. IFIP Advances in Information and Communication Technology, vol 342. Springer, Berlin, Heidelberg
This paper presents an innovative, distributed, multilayer approach for detecting known and unknown attacks on industrial control systems. The approach employs process event correlation, critical state detection and critical state aggregation. The paper also describes a prototype implementation and provides experimental results that validate the intrusion detection approach.