IBEMCS: IDS baseado em eventos Multi-Contexto para SCADA / IBEMCS: event based IDS Multi-Context for SCADA

Anderson Mussel D'Aquino, Luiz Fernando Rust da Costa Carmo, Luci Pirmez, Claudio Miceli de Farias

Abstract


Atualmente os mecanismos de segurança utilizados para detecção de intrusão em ambientes de automação industrial utilizam dados exclusivos TIC (Tecnologia da Informação e Comunicação) ou TO (Tecnologia da Operação). Este trabalho propõe um IDS (Intrusion Detection System) que integra informações TIC e TO para identificação das cadeias de eventos TIC e TO que ocasionaram a falha no processo industrial. Medições demonstram que o tempo de resposta e a taxa de acerto são linearmente proporcionais ao volume de dados processados permitindo um planejamento prévio da arquitetura ao ambiente de trabalho.


Keywords


IDS SCADA, Segurança ICS.

References


Almalawi, A., Fahad, A., Tari, Z., Alamri, A., Alghamdi, R., & Zomaya, A. Y. (2016). An Efficient Data-Driven Clustering Technique to Detect Attacks in SCADA Systems. IEEE Transactions on Information Forensics and Security, 11(5), 893–906. doi:10.1109/TIFS.2015.2512522

Carcano, A., Coletta, A., Guglielmi, M., Masera, M., Fovino, I. N., & Trombetta, A. (2011). A Multidimensional Critical State Analysis for Detecting Intrusions in SCADA Systems. Industrial Informatics, IEEE Transactions on, 7(2), 179–186. doi:10.1109/TII.2010.2099234

Goldenberg, N., & Wool, A. (2013). Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems. International Journal of Critical Infrastructure Protection, 6(2), 63–75. doi:10.1016/j.ijcip.2013.05.001

Maglaras, L. A., & Jiang, J. (2014). Intrusion detection in SCADA systems using machine learning techniques. In 2014 Science and Information Conference (pp. 626–631). doi:10.1109/SAI.2014.6918252

Nai Fovino, I., Coletta, A., Carcano, A., & Masera, M. (2012). Critical state-based filtering system for securing SCADA network protocols. IEEE Transactions on Industrial Electronics, 59(10), 3943–3950. doi:10.1109/TIE.2011.2181132

Sayegh, N., Elhajj, I. H., Kayssi, A., & Chehab, A. (2014). SCADA Intrusion Detection System based on temporal behavior of frequent patterns. MELECON 2014 - 2014 17th IEEE Mediterranean Electrotechnical Conference, (April), 432–438. doi:10.1109/MELCON.2014.6820573

Schuster, F., & Paul, A. (2012). A distributed intrusion detection system for industrial automation networks. In Proceedings of 2012 IEEE 17th International Conference on Emerging Technologies & Factory Automation (ETFA 2012) (pp. 1–4). doi:10.1109/ETFA.2012.6489703

Shosha, A. F., Gladyshev, P., Wu, S. S., & Liu, C. C. (2011). Detecting cyber intrusions in SCADA networks using multi-agent collaboration. In 2011 16th International Conference on Intelligent System Applications to Power Systems, ISAP 2011 (pp. 1–7). doi:10.1109/ISAP.2011.6082170

Tiago Cruz, Jorge Proença, Paulo Simões, Matthieu Aubigny, Moussa Ouedraogo, Antonio Graziano, L. Y. (2014). Improving Cyber Security Awareness on Industrial Control Systems: The CockpitCI Approach. 13th European Conference on Cyber Warfare and Security The University of Piraeus Greece 3-4 July 2014, (July), 326.

Snort.org. (2016). Snort. Retrieved June 24, 2016, from https://www.snort.org/

Elasticsearch. (2016). Retrieved June 24, 2016, from https://www.elastic.co/

Quickdraw SCADA IDS (2016). Retrieved September 12, 2016, http://www.digitalbond.com/tools/quickdraw/

Aramaki, T. L., Vellasco, M. M. B. R., & Barbosa, C. R. H. (2015). A neural network approach for leak detection and localization in liquid pipelines. In 8th Brazilian Congress on Metrology (pp. 2–5). Bento Gonçalves.

NVD (2016). Retrieved September 12, 2016, https://nvd.nist.gov/

CVE (2016). Retrieved September 12, 2016, https://cve.mitre.org/

RISI (2016). Retrieved September 12, 2016, http://www.risidata.com/

Falliere, N., Murchu, L. O., & Chien, E. (2011). W32.Stuxnet Dossier. Symantec-Security Response, Version 1.(February 2011), 1–69. http://doi.org/20 September 2015




DOI: https://doi.org/10.34117/bjdv7n1-269

Refbacks

  • There are currently no refbacks.