Intrusion Detection for sequence-based attacks with reduced traffic models

Benedikt Ferling; Justyna Joanna Chromik; M. Caselli; Anne Katharina Ingrid Remke

doi:10.1007/978-3-319-74947-1_4

Intrusion Detection for sequence-based attacks with reduced traffic models

Benedikt Ferling, Justyna Joanna Chromik, M. Caselli, Anne Katharina Ingrid Remke

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

10 Citations (Scopus)

497 Downloads (Pure)

Abstract

Securing control networks (e.g. for power and gas distribution) requires dedicated approaches. Sequence-aware intrusion detection models the network traffic under normal operation to identify malicious behavior. Unfortunately, such models are often large and difficult to handle. This paper proposes a method that generates smaller traffic models and discusses the accuracy of those reduced models in the context of a real control infrastructure employing the IEC 60870-5-104 protocol.

Original language	English
Title of host publication	Measurement, Modelling and Evaluation of Computing Systems
Subtitle of host publication	19th International GI/ITG Conference, MMB 2018, Erlangen, Germany, February 26-28, 2018, Proceedings
Editors	Reinhard German, Kai-Steffen Hielscher, Udo R. Krieger
Publisher	Springer
Pages	53-67
Number of pages	15
ISBN (Electronic)	978-3-319-74947-1
ISBN (Print)	978-3-319-74946-4
DOIs	https://doi.org/10.1007/978-3-319-74947-1_4
Publication status	Published - 2018
Event	19th International GI/ITG Conference on “Measurement, Modelling and Evaluation of Computing Systems” 2018 - Erlangen, Germany Duration: 26 Feb 2018 → 28 Feb 2018 Conference number: 19 http://www.mmb2018.de

Conference

Conference	19th International GI/ITG Conference on “Measurement, Modelling and Evaluation of Computing Systems” 2018
Abbreviated title	MMB 2018
Country/Territory	Germany
City	Erlangen
Period	26/02/18 → 28/02/18
Internet address	http://www.mmb2018.de

Keywords

Intrusion Detection
Sequence attack
DTMC
SCADA

Access to Document

10.1007/978-3-319-74947-1_4

intrusion-detection-sequenceAccepted author version, 5.29 MB

Cite this

Ferling, B., Chromik, J. J., Caselli, M., & Remke, A. K. I. (2018). Intrusion Detection for sequence-based attacks with reduced traffic models. In R. German, K.-S. Hielscher, & U. R. Krieger (Eds.), Measurement, Modelling and Evaluation of Computing Systems: 19th International GI/ITG Conference, MMB 2018, Erlangen, Germany, February 26-28, 2018, Proceedings (pp. 53-67). Springer. https://doi.org/10.1007/978-3-319-74947-1_4

Ferling, Benedikt ; Chromik, Justyna Joanna ; Caselli, M. et al. / Intrusion Detection for sequence-based attacks with reduced traffic models. Measurement, Modelling and Evaluation of Computing Systems: 19th International GI/ITG Conference, MMB 2018, Erlangen, Germany, February 26-28, 2018, Proceedings. editor / Reinhard German ; Kai-Steffen Hielscher ; Udo R. Krieger. Springer, 2018. pp. 53-67

@inproceedings{616479aa497e4a54b946b0e27bf2d889,

title = "Intrusion Detection for sequence-based attacks with reduced traffic models",

abstract = "Securing control networks (e.g. for power and gas distribution) requires dedicated approaches. Sequence-aware intrusion detection models the network traffic under normal operation to identify malicious behavior. Unfortunately, such models are often large and difficult to handle. This paper proposes a method that generates smaller traffic models and discusses the accuracy of those reduced models in the context of a real control infrastructure employing the IEC 60870-5-104 protocol.",

keywords = "Intrusion Detection, Sequence attack, DTMC, SCADA",

author = "Benedikt Ferling and Chromik, {Justyna Joanna} and M. Caselli and Remke, {Anne Katharina Ingrid}",

year = "2018",

doi = "10.1007/978-3-319-74947-1_4",

language = "English",

isbn = "978-3-319-74946-4",

pages = "53--67",

editor = "Reinhard German and Kai-Steffen Hielscher and Krieger, {Udo R.}",

booktitle = "Measurement, Modelling and Evaluation of Computing Systems",

publisher = "Springer",

address = "Germany",

note = "19th International GI/ITG Conference on “Measurement, Modelling and Evaluation of Computing Systems” 2018, MMB 2018 ; Conference date: 26-02-2018 Through 28-02-2018",

url = "http://www.mmb2018.de",

}

Ferling, B, Chromik, JJ, Caselli, M & Remke, AKI 2018, Intrusion Detection for sequence-based attacks with reduced traffic models. in R German, K-S Hielscher & UR Krieger (eds), Measurement, Modelling and Evaluation of Computing Systems: 19th International GI/ITG Conference, MMB 2018, Erlangen, Germany, February 26-28, 2018, Proceedings. Springer, pp. 53-67, 19th International GI/ITG Conference on “Measurement, Modelling and Evaluation of Computing Systems” 2018, Erlangen, Germany, 26/02/18. https://doi.org/10.1007/978-3-319-74947-1_4

Intrusion Detection for sequence-based attacks with reduced traffic models. / Ferling, Benedikt; Chromik, Justyna Joanna; Caselli, M. et al.
Measurement, Modelling and Evaluation of Computing Systems: 19th International GI/ITG Conference, MMB 2018, Erlangen, Germany, February 26-28, 2018, Proceedings. ed. / Reinhard German; Kai-Steffen Hielscher; Udo R. Krieger. Springer, 2018. p. 53-67.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Intrusion Detection for sequence-based attacks with reduced traffic models

AU - Ferling, Benedikt

AU - Chromik, Justyna Joanna

AU - Caselli, M.

AU - Remke, Anne Katharina Ingrid

N1 - Conference code: 19

PY - 2018

Y1 - 2018

N2 - Securing control networks (e.g. for power and gas distribution) requires dedicated approaches. Sequence-aware intrusion detection models the network traffic under normal operation to identify malicious behavior. Unfortunately, such models are often large and difficult to handle. This paper proposes a method that generates smaller traffic models and discusses the accuracy of those reduced models in the context of a real control infrastructure employing the IEC 60870-5-104 protocol.

AB - Securing control networks (e.g. for power and gas distribution) requires dedicated approaches. Sequence-aware intrusion detection models the network traffic under normal operation to identify malicious behavior. Unfortunately, such models are often large and difficult to handle. This paper proposes a method that generates smaller traffic models and discusses the accuracy of those reduced models in the context of a real control infrastructure employing the IEC 60870-5-104 protocol.

KW - Intrusion Detection

KW - Sequence attack

KW - DTMC

KW - SCADA

U2 - 10.1007/978-3-319-74947-1_4

DO - 10.1007/978-3-319-74947-1_4

M3 - Conference contribution

SN - 978-3-319-74946-4

SP - 53

EP - 67

BT - Measurement, Modelling and Evaluation of Computing Systems

A2 - German, Reinhard

A2 - Hielscher, Kai-Steffen

A2 - Krieger, Udo R.

PB - Springer

T2 - 19th International GI/ITG Conference on “Measurement, Modelling and Evaluation of Computing Systems” 2018

Y2 - 26 February 2018 through 28 February 2018

ER -

Ferling B, Chromik JJ, Caselli M, Remke AKI. Intrusion Detection for sequence-based attacks with reduced traffic models. In German R, Hielscher KS, Krieger UR, editors, Measurement, Modelling and Evaluation of Computing Systems: 19th International GI/ITG Conference, MMB 2018, Erlangen, Germany, February 26-28, 2018, Proceedings. Springer. 2018. p. 53-67 doi: 10.1007/978-3-319-74947-1_4

Intrusion Detection for sequence-based attacks with reduced traffic models

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this