Intrusion Detection and Event Monitoring in SCADA Networks
نویسندگان
چکیده
This paper describes the implementation of a customized intrusion detection and event monitoring system for a SCADA/sensor testbed. The system raises alerts upon detecting potential unauthorized access and changes in device settings. By markedly increasing the logging of critical network events, the system shows dramatic improvements in both the security and overall auditing capabilities. In addition to its role in securing SCADA networks, the system assists operators in identifying common configuration errors.
منابع مشابه
Using Model-based Intrusion Detection for SCADA Networks∗
In a model-based intrusion detection approach for protecting SCADA networks, we construct models that characterize the expected/acceptable behavior of the system, and detect attacks that cause violations of these models. Process control networks tend to have static topologies, regular traffic patterns, and a limited number of applications and protocols running on them. Thus, we believe that mod...
متن کاملAdapting Bro into SCADA: Building Specification-based Intrusion Detection System for DNP3 Protocol
Modern SCADA systems are increasingly adopting Internet technology to control industry processes. With their security vulnerabilities exposed to public networks, an attacker is able to penetrate into these control systems to put remote facilities in danger. To detect such attacks, SCADA systems require an intrusion detection technique that can monitor network traffic based on proprietary networ...
متن کاملEvaluation of an Intrusion Detection System for Routing Attacks in Wireless Self-organised Networks
Wireless Sensor Networks (WSNs) arebecoming increasingly popular, and very useful in militaryapplications and environmental monitoring. However,security is a major challenge for WSNs because they areusually setup in unprotected environments. Our goal in thisstudy is to simulate an Intrusion Detection System (IDS)that monitors the WSN and report intrusions accurately andeffectively. We have thus...
متن کاملAnomaly-Based Intrusion Detection for SCADA Systems
Most critical infrastructure such as chemical processing plants, electrical generation and distribution networks, and gas distribution is monitored and controlled by Supervisory Control and Data Acquisition Systems (SCADA). These systems have been the focus of increased security and there are concerns that they could be the target of international terrorists. With the constantly growing number ...
متن کاملAnalysis, classification and detection methods of attacks via wireless sensor networks in SCADA systems
Effectiveness of information security of APCS (automated process control systems), as well as of SCADA (supervisory control and data acquisition) systems, depends on data transmission’s protection technologies applied on transport environment’s components. This article investigates the problem of detecting attacks on WSN (wireless sensor networks) of SCADA systems. As the result of analytical s...
متن کامل