Abstract
Detection of previously unknown attacks and malicious messages is a challenging problem faced by modern network intrusion detection systems. Anomaly-based solutions, despite being able to detect unknown attacks, have not been used often in practice due to their high false positive rate, and because they provide little actionable information to the security officer in case of an alert. In this paper we focus on intrusion detection in industrial control systems networks and we propose an innovative, practical and semantics-aware framework for anomaly detection. The network communication model and alerts generated by our framework are userunderstandable, making them much easier to manage. At the same time the framework exhibits an excellent tradeoff between detection rate and false positive rate, which we show by comparing it with two existing payload-based anomaly detection methods on several ICS datasets.
Original language | Undefined |
---|---|
Title of host publication | SAC '16 Proceedings of the 31st Annual ACM Symposium on Applied Computing |
Place of Publication | New York |
Publisher | Association for Computing Machinery (ACM) |
Pages | 2063-2070 |
Number of pages | 8 |
ISBN (Print) | 978-1-4503-3739-7 |
DOIs | |
Publication status | Published - 4 Apr 2016 |
Event | 31st Annual ACM Symposium on Applied Computing, SAC 2016 - Pisa, Italy Duration: 4 Apr 2016 → 8 Apr 2016 Conference number: 31 https://www.sigapp.org/sac/sac2016/ |
Publication series
Name | |
---|---|
Publisher | ACM |
Volume | 1 |
Conference
Conference | 31st Annual ACM Symposium on Applied Computing, SAC 2016 |
---|---|
Abbreviated title | SAC |
Country/Territory | Italy |
City | Pisa |
Period | 4/04/16 → 8/04/16 |
Internet address |
Keywords
- SCS-Cybersecurity
- EWI-27112
- METIS-318477
- Anomaly Detection
- Industrial control systems
- IR-100902