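% Caselli, Zambon, Kargl (CPSS 2015): sequence-aware intrusion detection (S-IDS) for industrial control systems.
% Topic per the abstract: series of individually permitted operations that single-event NIDS checks do not flag.
% NOTE(review): given names are abbreviated for "Caselli, M." and "Jones, D." as exported; expand once confirmed against the DOI record.
% NOTE(review): address holds a country rather than the publisher's city; left as exported -- confirm.
% The exporter's placeholder language = "Undefined" was dropped: it carried no information and some biblatex styles print it verbatim.
@inproceedings{f082856f2537479ab288c9a40e7125d3,
  author    = {Caselli, M. and Zambon, Emmanuele and Kargl, Frank},
  title     = {Sequence-aware intrusion detection in industrial control systems},
  booktitle = {Proceedings of the 1st {ACM} Workshop on Cyber-Physical System Security},
  editor    = {Zhou, Jianying and Jones, D.},
  series    = {CPSS Workshop - AsiaCCS'15},
  pages     = {13--24},
  publisher = {Association for Computing Machinery},
  address   = {United States},
  year      = {2015},
  month     = apr,
  isbn      = {978-1-4503-3448-8},
  doi       = {10.1145/2732198.2732200},
  note      = {eemcs-eprint-26538 ; 1st ACM Workshop on Cyber-Physical System Security ; Conference date: 14-04-2015 Through 17-04-2015},
  keywords  = {SCS-Cybersecurity, EC Grant Agreement nr.: FP7-SEC-285477-CRISALIS, EWI-26538, Semantic attack, IR-98662, Cyber-physical system, Intrusion detection system, METIS-315081, Sequence attack},
  abstract  = {Nowadays, several threats endanger cyber-physical systems. Among these systems, industrial control systems (ICS) operating on critical infrastructures have been proven to be an attractive target for attackers. The case of Stuxnet has not only showed that ICSs are vulnerable to cyber-attacks, but also that some of these attacks rely on understanding the processes beyond the employed systems and using such knowledge to maximize the damage. This concept is commonly known as ``semantic attack''. Our paper discusses a specific type of semantic attack involving ``sequences of events''. Common network intrusion detection systems (NIDS) generally search for single, unusual or ``not permitted'' operations. In our case, rather than a malicious event, we show how a specific series of ``permitted'' operations can elude standard intrusion detection systems and still damage an infrastructure. Moreover, we present a possible approach to the development of a sequence-aware intrusion detection system (S-IDS). We propose a S-IDS reference architecture and we discuss all the steps through its implementations. Finally, we test the S-IDS on real ICS traffic samples captured from a water treatment and purification facility.},
}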