DOI: 10.1145/3545948.3545968 (research article, open access)

IPAL: Breaking up Silos of Protocol-dependent and Domain-specific Industrial Intrusion Detection Systems

Published: 26 October 2022

Abstract

The increasing interconnection of industrial networks exposes them to an ever-growing risk of cyber attacks. To reveal such attacks early and prevent any damage, industrial intrusion detection searches for anomalies in otherwise predictable communication or process behavior. However, current efforts mostly focus on specific domains and protocols, leading to a research landscape broken up into isolated silos. Thus, existing approaches cannot be applied to other industries that would equally benefit from powerful detection. To better understand this issue, we survey 53 detection systems and find no fundamental reason for their narrow focus. Although they are often coupled to specific industrial protocols in practice, many approaches could generalize to new industrial scenarios in theory. To unlock this potential, we propose IPAL, our industrial protocol abstraction layer, to decouple intrusion detection from domain-specific industrial protocols. After proving IPAL’s correctness in a reproducibility study of related work, we showcase its unique benefits by studying the generalizability of existing approaches to new datasets and conclude that they are indeed not restricted to specific domains or protocols and can perform outside their restricted silos.
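As an added illustration of what decoupling detection from the protocol buys, and not IPAL's own code or message format: two constructed transcribers map a Modbus-style and an IEC 60870-5-104-style message onto one common record, and a single detector that learns communication patterns and process-value ranges runs unchanged on both. The record layout, addresses, and values are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Message:
    """Common, protocol-independent record (a constructed layout, not IPAL's)."""
    timestamp: float
    src: str
    dest: str
    protocol: str
    activity: str                      # "read", "write" or "report"
    data: Dict[str, float] = field(default_factory=dict)


def transcribe_modbus(raw: dict) -> Message:
    """Map a constructed Modbus/TCP-style message (function code, start address,
    register values) onto the common record. FC 3/4 read registers, FC 6/16 write."""
    activity = "read" if raw["function_code"] in (3, 4) else "write"
    data = {f"reg{raw['address'] + i}": float(v) for i, v in enumerate(raw.get("values", []))}
    return Message(raw["ts"], raw["src"], raw["dst"], "modbus", activity, data)


def transcribe_iec104(raw: dict) -> Message:
    """Map a constructed IEC 60870-5-104-style ASDU (type id, information objects)
    onto the common record. Type ids 45-51 are command ASDUs, i.e. writes;
    everything else is treated as a monitoring report."""
    activity = "write" if 45 <= raw["type_id"] <= 51 else "report"
    data = {f"ioa{ioa}": float(v) for ioa, v in raw["objects"].items()}
    return Message(raw["ts"], raw["src"], raw["dst"], "iec104", activity, data)


class ProtocolAgnosticIDS:
    """Learns which (src, dest, activity) triples occur and the min/max of every
    process variable from benign records, then flags deviations. It never reads
    a protocol-specific field, so it runs unchanged on any transcribed protocol."""

    def __init__(self, tolerance: float = 0.1) -> None:
        self.tolerance = tolerance                      # slack relative to learned range
        self.bounds: Dict[str, List[float]] = {}
        self.patterns: Set[Tuple[str, str, str]] = set()

    def train(self, msgs: List[Message]) -> None:
        for m in msgs:
            self.patterns.add((m.src, m.dest, m.activity))
            for var, val in m.data.items():
                lo, hi = self.bounds.get(var, [val, val])
                self.bounds[var] = [min(lo, val), max(hi, val)]

    def detect(self, m: Message) -> Optional[str]:
        """Return an alert string, or None when the record matches learned behaviour."""
        if (m.src, m.dest, m.activity) not in self.patterns:
            return f"unknown communication pattern {m.src}->{m.dest} {m.activity}"
        for var, val in m.data.items():
            if var not in self.bounds:
                return f"unknown variable {var}"
            lo, hi = self.bounds[var]
            margin = (hi - lo) * self.tolerance
            if val < lo - margin or val > hi + margin:
                return f"{var}={val} outside learned range [{lo}, {hi}]"
        return None


def benign_traffic() -> List[Message]:
    """Constructed benign traffic (not a capture): an HMI writing a setpoint over
    Modbus and an RTU reporting a measurement over IEC 104."""
    msgs: List[Message] = []
    for i in range(20):
        msgs.append(transcribe_modbus({"ts": float(i), "src": "10.0.0.5", "dst": "10.0.0.10",
                                       "function_code": 16, "address": 40, "values": [50 + i % 3]}))
        msgs.append(transcribe_iec104({"ts": i + 0.5, "src": "10.0.1.20", "dst": "10.0.1.2",
                                       "type_id": 13, "objects": {1001: 230 + i % 3}}))
    return msgs


def run_demo() -> List[Optional[str]]:
    """Train once on both protocols, then probe with three constructed records:
    an out-of-range Modbus setpoint, an IEC 104 command from an unseen host,
    and a normal IEC 104 report."""
    ids = ProtocolAgnosticIDS()
    ids.train(benign_traffic())
    probes = [
        transcribe_modbus({"ts": 30.0, "src": "10.0.0.5", "dst": "10.0.0.10",
                           "function_code": 16, "address": 40, "values": [95]}),
        transcribe_iec104({"ts": 30.5, "src": "10.0.1.99", "dst": "10.0.1.2",
                           "type_id": 45, "objects": {2001: 1}}),
        transcribe_iec104({"ts": 31.0, "src": "10.0.1.20", "dst": "10.0.1.2",
                           "type_id": 13, "objects": {1001: 231}}),
    ]
    return [ids.detect(m) for m in probes]


if __name__ == "__main__":
    for alert in run_demo():
        print(alert or "benign")
```

The detector's training and detection code contains no Modbus or IEC 104 logic at all; swapping in a transcriber for another protocol is the only change needed to reuse it.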


Published In

RAID '22: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses
October 2022, 536 pages
ISBN: 9781450397049
DOI: 10.1145/3545948
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 26 October 2022


Author Tags

  1. CPS
  2. ICS
  3. IDS
  4. Industrial Intrusion Detection
  5. Industrial Protocols

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

RAID 2022

Acceptance Rates

Overall Acceptance Rate: 43 of 173 submissions, 25%
