Anomaly detection via statistical learning in industrial communication networks

International Journal of Information and Computer Security

Volumn 4, Issue 4, 2011, Pages 295-315

  Rrushi, Julian L ^a  

^a UNIVERSITY OF NEW BRUNSWICK   (Canada)

Author keywords

Anomaly intrusion detection; Applied statistics; DCS; Distributed control system; SANs; Stochastic activity networks

Indexed keywords

ANOMALY DETECTION; COMPUTER CONTROL SYSTEMS; CYBER PHYSICAL SYSTEM; DISTRIBUTED PARAMETER CONTROL SYSTEMS; EMBEDDED SYSTEMS; EVOLUTIONARY ALGORITHMS; INTRUSION DETECTION; LEARNING ALGORITHMS; MATLAB; POWER PLANTS; STATISTICAL PROCESS CONTROL; STOCHASTIC MODELS; STOCHASTIC SYSTEMS;

ANOMALY INTRUSION DETECTION; APPLIED STATISTICS; INDUSTRIAL COMMUNICATION NETWORKS; PREDICTION CAPABILITY; SANS; STATISTICAL LEARNING; STOCHASTIC ACTIVITY NETWORKS; TESTING AND EVALUATION;

DISTRIBUTED COMPUTER SYSTEMS;

EID: 84857186552     PISSN: 17441765     EISSN: 17441773     Source Type: Journal    
DOI: 10.1504/IJICS.2011.044821     Document Type: Article

References (33)

1. Alampalayam, S., Kumar, P., Kumar, A. and Srinivasan, S. (2007) 'Statistical based intrusion detection framework using Six Sigma technique', International Journal of Computer Science and Network Security, Vol. 7, No. 10, pp.333-342.
2. Anderson, T.W. and Darling, D.A. (1952) 'Asymptotic theory of certain goodness-of-fit criteria based on stochastic processes', Annals of Mathematical Statistics, Vol. 23, No. 2, pp.193-212.
3. Anderson, D., Lunt, T., Javitz, H., Tamaru, A. and Valdes, A. (1995) 'Next-generation intrusion detection expert system (NIDES): a summary', Technical Report SRI-CSL-95-07, SRI International.
4. Berge, J. (2002) Fieldbuses for Process Control: Engineering, Operation, and Maintenance, ISA, Research Triangle Park, NC.
5. Bradley, J.V. (1968) Distribution-free Statistical Tests, Prentice-Hall, Englewood Cliffs, NJ.
6. Deavours, D.D., Clark, G., Courtney, T., Daly, D., Derisavi, S., Doyle, J.M., Sanders, W.H. and Webster, P.G. (2002) 'The Möbius framework and its implementation', IEEE Transactions on Software Engineering, Vol. 28, No. 10, pp.956-969.
7. DuMouchel, W. (1999) 'Computer intrusion detection based on Bayes factors for comparing command transition probabilities', Technical Report, National Institute of Statistical Sciences.
8. Erickson, K.T. (2005) Programmable Logic Controllers: An Emphasis on Design and Application, Dogwood Valley Press, Rolla, MO.
9. General Electric, Inc. (2010) 'Advanced boiling water reactor plant general description', available at http://www.gepower.com/prodserv/products/ nuclearenergy/en/downloads/gea14576ebwr.pdf (accessed on 23 September 2011).
10. Gowadia, V., Farkas, C. and Valtorta, M. (2005) 'PAID: a probabilistic agent-based intrusion detection system', Journal of Computers and Security, Vol. 24, No. 7, pp.529-545. (Pubitemid 41455413)
11. Hosmer, D.W. and Lemeshow, S. (2000) Applied Logistic Regression, Wiley-InterScience, New York, NY.
12. Huitsing, P., Chandia, R., Papa, M. and Shenoi, S. (2008) 'Attack taxonomies for the modbus protocol', International Journal of Critical Infrastructure Protection, Vol. 1, pp.37-44.
13. International Electrotechnical Commission (IEC) (2007) 'IEC 61850: communication networks and systems for power utility automation, Part 7-410: hydroelectric power plants - communication for monitoring and control', available at http://www.iec.ch/ (accessed on 23 September 2011).
14. Javitz, H.S. and Valdes, A. (1994) 'The NIDES statistical component description and justification', SRI Project 3131 Annual Report.
15. Ju, W.H. and Vardi, Y. (1999) 'A hybrid high-order Markov chain model for computer intrusion detection', Technical Report Number 92, National Institute of Statistical Sciences.
16. Kleinbaum, D.G., Kupper, L.L., Nizam, A. and Muller, K.E. (2007) Applied Regression Analysis and Multivariable Methods, 4th ed., Duxbury Press, Boston, Mass.
17. Larsen, J. (2008) 'Breakage', Blackhat Federal, http://www.blackhat.com/ presentations/bh-dc-08/Larsen/Presentation/bh-dc-08-larsen.pdf (accessed on 23 September 2011).
18. Lehmann, E.L. and Casella, G. (1998) Theory of Point Estimation, 2nd ed., Springer, New York, NY.
19. Li, Z., Das, A. and Nandi, S. (2003) 'Utilizing statistical characteristics of N-grams for intrusion detection', Proceedings of the 2003 International Conference on Cyberworlds, IEEE Computer Society, Washington, DC, USA.
20. Mathworks Inc. (2011a) 'Matlab - the language of technical computing', available at http://www.mathworks.com/products/Matlab/ (accessed on 23 September 2011).
21. Mathworks Inc. (2011b) 'Simulink', available at http://www.mathworks.com/ products/simulink/ (accessed on 23 September 2011).
22. Mathworks Inc. (2011c) 'Real-time workshop', available at http://www.mathworks.com/products/rtw/ (accessed on 23 September 2011).
23. ModBus Organization (2004a) 'ModBus application protocol specification', available at http://www.modbus.org/docs/Modbus-Application-Protocol-V1-1b.pdf (accessed on 23 September 2011).
24. ModBus Organization (2004b) 'ModBus messaging on TCP/IP implementation guide', available at http://www.modbus.org/docs/Modbus-Messaging-Implementation- Guide-V1-0b.pdf (accessed on 20 September 2011).
25. Petri, A.C. and Reisig, W. (2008) 'Petri net', Scholarpedia, Vol. 3, No. 4, p.6477.
26. Petruzella, F.D. (2004) 'Programmable logic controllers', Career Education.
27. Rrushi, J.L. (2011) 'SCADA protocol vulnerabilities', Advances in Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense, Springer, to appear.
28. Sanders, W.H. and Meyer, J.F. (1991) 'A unified approach for specifying measures of performance, dependability, and performability', in Avizienis, A., Kopetz, H., Laprie, J. (Eds.): Dependable Computing and Fault-Tolerant Systems, Vol. 4, pp.215-237, Springer-Verlag, New York, NY.
29. Sanders, W.H. and Meyer, J.F. (2001) 'Stochastic activity networks: formal definitions and concepts', Lecture Notes in Computer Science, No. 2090, pp.315-343. (Pubitemid 33332568)
30. Sanders, W.H. (1988) 'Construction and solution of performability models based on stochastic activity networks', Doctoral Dissertation, University of Michigan.
31. Stouffer, K., Falco, J. and Scarfone, K. (2007) 'Guide to industrial control systems security', available at http://csrc.nist.gov/publications/ drafts/800-82/draft-sp800-82-fpd.pdf (accessed on 23 September 2011).
32. Wang, K. and Stolfo, S.J. (2004) 'Anomalous payload-based network intrusion detection', Proceedings of the International Symposium on Recent Advances in Intrusion Detection, France.
33. Wuollet, C., Romanenko, A., Jack, H., Baum, J., Orozco, J.C. and de Sousa, M.J.R. (2008) 'MatPLC', available at http://mat.sourceforge.net (accessed on 23 September 2011).