Intrusion Detection for sequence-based attacks with reduced traffic models

Benedikt Ferling, Justyna Joanna Chromik, M. Caselli, Anne Katharina Ingrid Remke

Research output: Contribution to conference › Paper › Academic › peer-review

3 Citations (Scopus)
188 Downloads (Pure)

Abstract

Securing control networks (e.g. for power and gas distribution) requires dedicated approaches. Sequence-aware intrusion detection models the network traffic under normal operation to identify malicious behavior. Unfortunately, such models are often large and difficult to handle. This paper proposes a method that generates smaller traffic models and discusses the accuracy of those reduced models in the context of a real control infrastructure employing the IEC 60870-5-104 protocol.
Original language: English
Publication status: Published - 2018
Event: 19th International GI/ITG Conference on “Measurement, Modelling and Evaluation of Computing Systems” 2018 - Erlangen, Germany
Duration: 26 Feb 2018 to 28 Feb 2018
Conference number: 19
http://www.mmb2018.de

Conference

Conference: 19th International GI/ITG Conference on “Measurement, Modelling and Evaluation of Computing Systems” 2018
Abbreviated title: MMB 2018
Country: Germany
City: Erlangen
Period: 26/02/18 to 28/02/18
Fingerprint

Intrusion detection
Gases

Keywords

  • Intrusion Detection
  • Sequence attack
  • DTMC
  • SCADA

Cite this

Ferling, B., Chromik, J. J., Caselli, M., & Remke, A. K. I. (2018). Intrusion Detection for sequence-based attacks with reduced traffic models. Paper presented at 19th International GI/ITG Conference on “Measurement, Modelling and Evaluation of Computing Systems” 2018, Erlangen, Germany.