Intrusion Detection for sequence-based attacks with reduced traffic models

Benedikt Ferling, Justyna Joanna Chromik, M. Caselli, Anne Katharina Ingrid Remke

    Research output: Contribution to conference (Paper)

    3 Citations (Scopus)
    248 Downloads (Pure)

    Abstract

    Securing control networks (e.g. for power and gas distribution) requires dedicated approaches. Sequence-aware intrusion detection models the network traffic under normal operation to identify malicious behavior. Unfortunately, such models are often large and difficult to handle. This paper proposes a method that generates smaller traffic models and discusses the accuracy of those reduced models in the context of a real control infrastructure employing the IEC 60870-5-104 protocol.
    Original language: English
    Publication status: Published - 2018
    Event: 19th International GI/ITG Conference on “Measurement, Modelling and Evaluation of Computing Systems” 2018 - Erlangen, Germany
    Duration: 26 Feb 2018 to 28 Feb 2018
    Conference number: 19
    http://www.mmb2018.de

    Conference

    Conference: 19th International GI/ITG Conference on “Measurement, Modelling and Evaluation of Computing Systems” 2018
    Abbreviated title: MMB 2018
    Country: Germany
    City: Erlangen
    Period: 26/02/18 to 28/02/18

    Keywords

    • Intrusion Detection
    • Sequence attack
    • DTMC
    • SCADA

    Cite this

    Ferling, B., Chromik, J. J., Caselli, M., & Remke, A. K. I. (2018). Intrusion Detection for sequence-based attacks with reduced traffic models. Paper presented at 19th International GI/ITG Conference on “Measurement, Modelling and Evaluation of Computing Systems” 2018, Erlangen, Germany.