Cross-domain alert correlation methodology for industrial control systems
Authors
Abstract
Alert correlation is a set of techniques that process alerts raised by intrusion detection systems to eliminate redundant alerts, reduce the number of false positives, and reconstruct attack scenarios. Since Industrial Control Systems (ICSs) exhibit both a physical and a cyber domain, they present unique challenges for alert correlation. The presence of heterogeneous domains, each with its specific threats, has led to the development of multi-domain techniques. Indeed, some approaches rely solely on observations at the cyber level, while others monitor the physical process. Although these two are complementary, the nature of the information they carry differs. In this article, we develop an alert correlation framework tailored explicitly to ICSs. We combine physical-domain alerts with more classical cyber alerts. Our approach maps physical alerts into the cyber domain using alert enrichment. We also propose an alert selection method that adapts to the system state by dynamically adjusting the size of the selected window. We test our methodology on a realistic experimental setup and publicly release all datasets used to derive the results. Our cross-domain methodology achieves better metrics compared to temporal-based approaches in terms of false-positive rate, missing rate and alert reduction.
Similar sources
FPGA Design Methodology for Industrial Control Systems - A Review
This paper reviews the state of the art of Field Programmable Gate Array (FPGA) design methodologies with a focus on Industrial Control System applications. The paper starts with an overview of FPGA technology development, followed by a presentation of design methodologies, development tools and relevant CAD environments, including the use of portable Hardware Description Languages and System L...
Probabilistic Alert Correlation
With the growing deployment of host and network intrusion detection systems, managing reports from these systems becomes critically important. We present a probabilistic approach to alert correlation, extending ideas from multisensor data fusion. Features used for alert correlation are based on alert content that anticipates evolving IETF standards. The probabilistic approach provides a unified...
Case-Oriented Alert Correlation
Correlating alerts is of importance for identifying complex attacks and discarding false alerts. Most popular alert correlation approaches employ some well-defined knowledge to uncover the connections among alerts. However, acquiring, representing and justifying such knowledge has turned out to be a nontrivial task. In this paper, we propose a novel method to work around these difficulties by u...
Reusable industrial control systems
Industrial control hardware may be reused for several purposes. The same industrial PC type may control the drives of a portal system, act as a programmable logic controller, or control any other device. Moreover the same piece of hardware may control different device types at the same time in concurrency. In this paper, we discuss four successive software engineering approaches to exploit the ...
A Design Methodology for Distributed Embedded Systems in Industrial Automation
Starting from the special requirements of the application domain, a methodology based on modelbased development, component-based development, and network-based composition is presented. The methodology has been implemented on top of object-oriented concepts, and UML in particular, using commercially available tools.
Journal
Journal title: Computers & Security
Year: 2022
ISSN: ['0167-4048', '1872-6208']
DOI: https://doi.org/10.1016/j.cose.2022.102723