IBEMCS: IDS baseado em eventos Multi-Contexto para SCADA / IBEMCS: event based IDS Multi-Context for SCADA
Abstract
Currently, the security mechanisms used for intrusion detection in industrial automation environments rely exclusively on either ICT (Information and Communication Technology) data or OT (Operational Technology) data. This work proposes an IDS (Intrusion Detection System) that integrates ICT and OT information to identify the chains of ICT and OT events that caused a failure in the industrial process. Measurements show that the response time and the hit rate are linearly proportional to the volume of data processed, which allows the architecture to be planned in advance for the working environment.
DOI: https://doi.org/10.34117/bjdv7n1-269