      Is Open Access

      Bro in SCADA: dynamic intrusion detection policies based on a system model

      1 , 2 , 1

      5th International Symposium for ICS & SCADA Cyber Security Research 2018 (ICS-CSR 2018)

      ICS & SCADA Cyber Security Research

      29 - 30 August 2018

      Intrusion Detection System, process-aware, SCADA, IDS, power distribution


          Abstract

          We present an online monitoring tool for SCADA systems based on the network monitor Bro, which can be used locally at field stations. The tool generates alerts when suspicious and erroneous commands and sensor readings are detected. It can hence be seen as a local Intrusion Detection System, as well as a safety enhancement. It maintains a model of the local system, which is updated with incoming packets containing sensor readings and commands. Focusing on the protocol IEC-104, a parser was developed and the packet content was directly fed into the system model. Adaptive policies are implemented in Bro, which formulate physical constraints and safety requirements and allow checking whether SCADA traffic complies with these rules in real time. A case study with a real IEC-104 traffic trace shows the feasibility of our approach.


                Author and article information

                Conference: August 2018
                Pages: 112-121
                Affiliations
                [1] University of Twente, the Netherlands
                [2] University of Twente, the Netherlands, University of Münster, Germany
                DOI: 10.14236/ewic/ICS2018.13
                © Chromik et al. Published by BCS Learning and Development Ltd. Proceedings of ICS & SCADA 2018

                This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

                Venue: University of Hamburg, Germany
                Series: Electronic Workshops in Computing (eWiC)
                Product
                Product Information: 1477-9358, BCS Learning & Development
                Self URI (journal page): https://ewic.bcs.org/
                Categories
                Electronic Workshops in Computing
