Securing control networks (e.g. for power and gas distribution) requires dedicated approaches. Sequence-aware intrusion detection models the network traffic under normal operation to identify malicious behavior. Unfortunately, such models are often large and difficult to handle. This paper proposes a method that generates smaller traffic models and discusses the accuracy of those reduced models in the context of a real control infrastructure employing the IEC 60870-5-104 protocol.
|Publication status|Published - 2018|
|Event|19th International GI/ITG Conference on “Measurement, Modelling and Evaluation of Computing Systems” 2018 - Erlangen, Germany|
|Duration|26 Feb 2018 → 28 Feb 2018|
|Conference number|19|
|Conference|19th International GI/ITG Conference on “Measurement, Modelling and Evaluation of Computing Systems” 2018|
|Abbreviated title|MMB 2018|
|Period|26/02/18 → 28/02/18|
- Intrusion Detection
- Sequence attack
Ferling, B., Chromik, J. J., Caselli, M., & Remke, A. K. I. (2018). Intrusion Detection for sequence-based attacks with reduced traffic models. Paper presented at 19th International GI/ITG Conference on “Measurement, Modelling and Evaluation of Computing Systems” 2018, Erlangen, Germany.