Analysis of intrusion detection systems in industrial ecosystems

ICETE 2017 - Proceedings of the 14th International Joint Conference on e-Business and Telecommunications

Volumn 4, Issue , 2017, Pages 116-128

  Rubio, Juan Enrique ^a   Alcaraz, Cristina ^a   Roman, Rodrigo ^a   Lopez, Javier ^a  

^a UNIVERSITY OF MÁLAGA   (Spain)

Author keywords

Industrial Control; Industry 4.0; Intrusion Detection; SCADA

Indexed keywords

ECOSYSTEMS; ELECTRONIC COMMERCE; INDUSTRY 4.0;

INDUSTRIAL CONTROLS; INDUSTRIAL ECOSYSTEMS; INTRUSION DETECTION SYSTEMS; SCADA;

INTRUSION DETECTION;

EID: 85029435558     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.5220/0006426301160128     Document Type: Conference Paper

References (61)

1. Alcaraz, C. and Lopez, J. (2010). A security analysis for wireless sensor mesh networks in highly critical systems. IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, 40(4):419-428.
2. Alcaraz, C. and Lopez, J. (2013). Wide-area situational awareness for critical infrastructure protection. IEEE Computer, 46(4):30-37.
3. Alcaraz, C. and Zeadally, S. (2013). Critical control system protection in the 21st century: Threats and solutions. IEEE Computer, 46(10):74-83.
4. AlertEnterprise (2017). Sentry CyberSCADA. http://www.alertenterprise.com/products-EnterpriseSentryCybersecuritySCADA.php. [Online; Accessed March 2017].
5. Attivo Networks (2017). BOTsink. https://attivonetworks.com/product/attivo-botsink/. [Online; Accessed March 2017].
6. Bayou, L., Cuppens-Boulahia, N., Espès, D., and Cuppen, F. (2016). Towards a cds-based intrusion detection deployment scheme for securing industrial wireless sensor networks. In 2016 11th International Conference on Availability, Reliability and Security (ARES), pages 157-166.
7. Bhuyan, M. H., Bhattacharyya, D. K., and Kalita, J. K. (2014). Network anomaly detection: methods, systems and tools. Ieee communications surveys & tutorials, 16(1):303-336.
8. Blumbergs, B. (2014). Technical analysis of advanced threat tactics targeting critical information infrastructure. Technical report.
9. Caselli, M., Zambon, E., Amann, J., Sommer, R., and Kargl, F. (2016). Specification mining for intrusion detection in networked control systems. In 25th USENIX Security Symposium, pages 791-806. USENIX Association.
10. Cazorla, L., Alcaraz, C., and Lopez, J. (2016). Cyber stealth attacks in critical information infrastructures. IEEE Systems Journal, pages 1-15.
11. Cheminod, M., Durante, L., Seno, L., and Valenzano, A. (2016). Detection of attacks based on known vulnerabilities in industrial networked systems. Journal of Information Security and Applications. In Press.
12. Chen, P., Desmet, L., and Huygens, C. (2014). A study on advanced persistent threats. In IFIP International Conference on Communications and Multimedia Security, pages 63-72. Springer.
13. CISCO Systems (2017). CISCO: Protecting ICS with Industrial Signatures. http://www.cisco.com/c/en/us/about/securitycenter/protecting-industrial-control-systemsnetworks-ips.html. [Online; Accessed March 2017].
14. Control-See (2017). UCME-OPC. http://www.controlsee.com/u-c-me-opc/. [Online; Accessed March 2017].
15. Cyberbit (2017). SCADAShield. https://www.cyberbit.net/solutions/ics-scadasecurity-continuity/. [Online; Accessed March 2017].
16. CyberX (2017). XSense. https://cyberxlabs.com/en/xsense/. [Online; Accessed March 2017].
17. DarkTrace (2017). Enterprise Immune System. https://www.darktrace.com/technology/#enterpriseimmune-system. [Online; Accessed March 2017].
18. Federal Office for information Security (2016). Industrial Control System Security: Top 10 Threats and Countermeasures 2016. https://www.allianz-fuercybersicherheit.de. [Online; Accessed March 2017].
19. Garcia, L., Zonouz, S., Wei, D., and de Aguiar, L. P. (2016). Detecting plc control corruption via on-device runtime verification. In 2016 Resilience Week (RWS), pages 67-72.
20. Ghaeini, H. R. and Tippenhauer, N. O. (2016). Hamids: Hierarchical monitoring intrusion detection system for industrial control systems. In Proceedings of the 2Nd ACMWorkshop on Cyber-Physical Systems Security and Privacy (CPS-SPC'16), pages 103-111, New York, NY, USA. ACM.
21. Goldenberg, N. andWool, A. (2013). Accurate modeling of modbus/tcp for intrusion detection in {SCADA} systems. International Journal of Critical Infrastructure Protection, 6(2):63-75.
22. Gyanchandani, M., Rana, J., and Yadav, R. (2012). Taxonomy of anomaly based intrusion detection system: a review. International Journal of Scientific and Research Publications, 2(12):1-13.
23. H., K., J., H., A., H., and Wahlster, W. (2013). Recommendations for implementing the strategic initiative industrie 4.0: Securing the future of german manufacturing industry. final report of the industrie 4.0 working group.
24. Halo Analytics (2017). Halo Vision. https://www.haloanalytics.com/. [Online; Accessed March 2017].
25. HeSec (2017). HeSec Smart Agents. http://hesec.com/products/. [Online; Accessed March 2017].
26. ICS-CERT (2016). Overview of Cyber Vulnerabilities. http://ics-cert.us-cert.gov/content/overviewcyber-vulnerabilities. [Online; Accessed March 2017].
27. ICS2 (2017). ICS2 On-Guard. http://ics2.com/productsolution/. [Online; Accessed March 2017].
28. Jardine, W., Frey, S., Green, B., and Rashid, A. (2016). Senami: Selective non-invasive active monitoring for ics intrusion detection. In Proceedings of the 2Nd ACM Workshop on Cyber-Physical Systems Security and Privacy (CPS-SPC'16), pages 23-34, New York, NY, USA. ACM.
29. Joshi, R., Didier, P., Jimenez, J., and Carey, T. (2017). The Industrial Internet of Things Volume G5: Connectivity Framework. Industrial Internet Consortium Report.
30. Junejo, K. N. and Goh, J. (2016). Behaviour-based attack detection and classification in cyber physical systems using machine learning. In Proceedings of the 2Nd ACM International Workshop on Cyber-Physical System Security (CPSS'16), pages 34-43, New York, NY, USA. ACM.
31. Khan, A. and Turowski, K. (2016). A survey of current challenges in manufacturing industry and preparation for industry 4.0. In In Proceedings of the First International Scientific Conference "Intelligent Information Technologies for Industry" (IITI'16), pages 15-26. Springer International Publishing.
32. Krotofil, M. and Gollmann, D. (2013). Industrial control systems security: What is happening? In 11th IEEE International Conference on Industrial Informatics (INDIN'13), pages 670-675.
33. Langner, R. (2011). Stuxnet: Dissecting a cyberwarfare weapon. IEEE Security & Privacy, 9(3):49-51.
34. Leidos (2016). Insider Threat Detection Platform-Wisdom ITI. https://cyber.leidos.com/products/insider-threatdetection. [Online; Accessed March 2017].
35. Lévy-Bencheton, C., Marinos, L., Mattioli, R., King, T., Dietzel, C., Jan, S., et al. (2015). Threat landscape and good practice guide for internet infrastructure. Report, European Union Agency for Network and Information Security (ENISA).
36. Lin, C.-T. (1974). Structural controllability. IEEE Transactions on Automatic Control, 19(3):201-208.
37. Liu, Y., Corbett, C., Chiang, K., Archibald, R., Mukherjee, B., and Ghosal, D. (2009). Sidd: A framework for detecting sensitive data exfiltration by an insider attack. In 42nd Hawaii International Conference on System Sciences, pages 1-10.
38. Lontorfos, G., Fairbanks, K. D., Watkins, L., and Robinson, W. H. (2015). Remotely inferring device manipulation of industrial control systems via network behavior. In IEEE 40th Local Computer Networks Conference Workshops (LCN Workshops'15), pages 603-610.
39. McParland, C., Peisert, S., and Scaglione, A. (2014). Monitoring security of networked control systems: It's the physics. IEEE Security Privacy, 12(6):32-39.
40. Mission Secure (2017). MSi Secure Sentinel Platform. http://www.missionsecure.com/solutions/. [Online; Accessed March 2017].
41. Mitre (2017). Common Vulnerabilities and Exposures. https://cve.mitre.org/. [Online; Accessed March 2017].
42. Moser, A., Kruegel, C., and Kirda, E. (2007). Exploring multiple execution paths for malware analysis. In Security and Privacy, 2007. SP'07. IEEE Symposium on, pages 231-245. IEEE.
43. Patcha, A. and Park, J.-M. (2007). An overview of anomaly detection techniques: Existing solutions and latest technological trends. Computer networks, 51(12):3448-3470.
44. Ponomarev, S. and Atkison, T. (2016). Industrial control system network intrusion detection by telemetry analysis. IEEE Transactions on Dependable and Secure Computing, 13(2):252-260.
45. Rahimian, M. A. and Aghdam, A. G. (2013). Structural controllability of multi-agent networks: Robustness against simultaneous failures. Automatica, 49(11):3149-3157.
46. Sadeghi, A.-R., Wachsmann, C., and Waidner, M. (2015). Security and privacy challenges in industrial internet of things. In Proceedings of the 52Nd Annual Design Automation Conference, DAC '15, pages 54:1-54:6, New York, NY, USA. ACM.
47. Sekar, R., Gupta, A., Frullo, J., Shanbhag, T., Tiwari, A., Yang, H., and Zhou, S. (2002). Specification-based anomaly detection: a new approach for detecting network intrusions. In Proceedings of the 9th ACM conference on Computer and communications security, pages 265-274. ACM.
48. Sen, J. (2013). Security and privacy issues in cloud computing. Architectures and Protocols for Secure Information Technology Infrastructures, pages 1-45.
49. Siemens (2017). SIMATIC OPC UA. http://www.industry.siemens.com/topics/global/en/tiaportal/software/details/pages/opc-ua.aspx. [Online; Accessed March 2017].
50. SIGA (2017). SIGA Guard. http://www.sigasec.com. [Online; Accessed March 2017].
51. Singh, S., Sharma, P. K., Moon, S. Y., Moon, D., and Park, J. H. (2016). A comprehensive study on apt attacks and countermeasures for future networks and communications: challenges and solutions. The Journal of Supercomputing, pages 1-32.
52. Stone, S. J., Temple, M. A., and Baldwin, R. O. (2015). Detecting anomalous programmable logic controller behavior using rf-based hilbert transform features and a correlation-based verification process. International Journal of Critical Infrastructure Protection, 9:41-51.
53. Sun, Y., Zhang, J., Xiong, Y., and Zhu, G. (2014). Data security and privacy in cloud computing. International Journal of Distributed Sensor Networks.
54. Tsao, T., Alexander, R., Dohler, M., Daza, V., Lozano, A., and Richardson, M. (2015). A security threat analysis for the routing protocol for low-power and lossy networks (rpls). Technical report.
55. Vern Paxson et al. (2017). The Bro Network Security Monitor. https://www.bro.org/. [Online; Accessed March 2017].
56. Wallgren, L., Raza, S., and Voigt, T. (2013). Routing attacks and countermeasures in the rpl-based internet of things. International Journal of Distributed Sensor Networks.
57. Wu, D., Rosen, D. W., Wang, L., and Schaefer, D. (2015). Cloud-based design and manufacturing: A new paradigm in digital manufacturing and design innovation. Computer-Aided Design, 59:1-14.
58. WurldTech (GE) (2017). OPShield. https://www.wurldtech.com/products/opshield. [Online; Accessed March 2017].
59. Xu, L. D., He, W., and Li, S. (2014). Internet of things in industries: A survey. IEEE Transactions on Industrial Informatics, 10(4):2233-2243.
60. Zhang, K., Liang, X., Lu, R., and Shen, X. (2014). Sybil attacks and their defenses in the internet of things. IEEE Internet of Things Journal, 1(5):372-383.
61. Zhao, K. and Ge, L. (2013). A survey on the internet of things security. In Computational Intelligence and Security (CIS), 2013 9th International Conference on, pages 663-667. IEEE.