State-Based Firewall for Industrial Protocols with Critical-State Prediction Monitor

  • Igor Nai Fovino
  • Andrea Carcano
  • Alessio Coletta
  • Michele Guglielmi
  • Marcelo Masera
  • Alberto Trombetta
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6712)

Abstract

Traditional cyber-security countermeasures are inadequate for protecting modern Industrial Critical Infrastructures. In this paper we present an innovative filtering technique for industrial protocols based on the state analysis of the system being monitored. Since we focus our attention on the system behavior rather than on modeling the behavior of the possible attackers, this approach enables the detection of previously unknown attacks. Moreover, we introduce the concept of Critical State Prediction, a function that is used for anticipating the evolution of the system towards possible critical states. Finally, we provide experimental comparative results that confirm the validity of the proposed approach.

Keywords

Security; SCADA systems; critical infrastructures; firewall

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Igor Nai Fovino (1)
  • Andrea Carcano (2)
  • Alessio Coletta (1)
  • Michele Guglielmi (1)
  • Marcelo Masera (1)
  • Alberto Trombetta (2)

  1. Joint Research Centre, Institute for the Protection and Security of the Citizen, Ispra, Italy
  2. University of Insubria, Varese, Italy
