2019 | Original Paper | Book Chapter

Detection of Replay Attack Traffic in ICS Network

Authors: Ki-Seob Hong, Hyo-Bin Kim, Dong-Hyun Kim, Jung-Taek Seo

Published in: Applied Computing and Information Technology

Publisher: Springer International Publishing

Abstract

Malicious code and attacks against ICS are becoming more advanced and intelligent. The security risk to ICS is increasing, and securing the cyber safety of ICS against these threats is becoming more important. Recent ICS use not only serial communication protocols but also Ethernet-based control communication protocols. Malicious code attacking ICS attempts to imitate the corresponding control protocol in order to insert malware into the communication payload, or imitates normal control packets to perform malicious control or to disable control devices. Multiple presentations have also covered possible scenarios of various cyber attacks against such targets. However, current IDS/IPS for ICS detect attacks based on a blacklist and thus cannot detect attacks that use new techniques. To address this, recent studies have examined whitelist-based attack detection technology for practical application in ICS. However, current whitelist-based detection uses whitelists built from IP addresses, service port numbers and similar information, and thus cannot detect attacks exhibiting a replay pattern or attacks in which only the data value inside an otherwise normal command is changed. This study proposes a technology that can detect attacks exhibiting a replay pattern against ICS by combining whitelist-based detection with machine learning that is trained on control traffic, and applies the results to actual detection.
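The following is an added illustration of the abstract's argument, not code from the paper: a whitelist keyed only on IP address and port passes a replayed packet and a value-tampered command, whereas a detector that also learns per-flow sequence numbers and per-register value bounds from baseline traffic flags both. The packet field names, the host addresses, the "write" function and the min/max range model (a simplified stand-in for the paper's machine-learning step) are all assumptions made for this example.

```python
# Constructed example; field names and sample packets are hypothetical.
def flow(p):
    return (p["src"], p["dst"], p["dport"])
def pkt(src, dst, seq, reg, val, func="write", dport=502):
    return {"src": src, "dst": dst, "dport": dport, "func": func,
            "seq": seq, "reg": reg, "val": val}

# Constructed baseline: HMI 10.0.0.5 writes setpoints 40..60 to PLC 10.0.0.20.
BASELINE = [pkt("10.0.0.5", "10.0.0.20", s, 40001, v)
            for s, v in [(1, 40), (2, 50), (3, 60), (4, 55)]]

class ReplayAwareWhitelist:
    def __init__(self):
        self.flows = set()   # (src, dst, dport) tuples seen in the baseline
        self.ranges = {}     # (dst, func, reg) -> (min, max) value learned
        self.last_seq = {}   # flow -> highest sequence number accepted

    def train(self, packets):
        # Learn flows, per-register value bounds and the last sequence number.
        for p in packets:
            f = flow(p)
            self.flows.add(f)
            key = (p["dst"], p["func"], p["reg"])
            lo, hi = self.ranges.get(key, (p["val"], p["val"]))
            self.ranges[key] = (min(lo, p["val"]), max(hi, p["val"]))
            self.last_seq[f] = max(self.last_seq.get(f, -1), p["seq"])

    def classify(self, p):
        f = flow(p)
        if f not in self.flows:
            return "block: flow not whitelisted"
        # An IP/port whitelist would accept everything from here on.
        if p["seq"] <= self.last_seq.get(f, -1):
            return "alert: replay (sequence number already used)"
        key = (p["dst"], p["func"], p["reg"])
        if key not in self.ranges:
            return "alert: command never seen in baseline"
        lo, hi = self.ranges[key]
        if not lo <= p["val"] <= hi:
            return "alert: value %d outside learned range %d-%d" % (p["val"], lo, hi)
        self.last_seq[f] = p["seq"]
        return "allow"

def demo():
    det = ReplayAwareWhitelist()
    det.train(BASELINE)
    return [det.classify(pkt("10.0.0.5", "10.0.0.20", 5, 40001, 45)),   # normal write
            det.classify(pkt("10.0.0.5", "10.0.0.20", 2, 40001, 50)),   # replayed packet
            det.classify(pkt("10.0.0.5", "10.0.0.20", 6, 40001, 999)),  # tampered value
            det.classify(pkt("10.0.0.9", "10.0.0.20", 7, 40001, 50))]   # unknown host
```

A real deployment would have to handle sequence-number wrap-around and protocols without a transaction counter, which this minimal model does not.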

Metadata
Title
Detection of Replay Attack Traffic in ICS Network
Authors
Ki-Seob Hong
Hyo-Bin Kim
Dong-Hyun Kim
Jung-Taek Seo
Copyright year
2019
DOI
https://doi.org/10.1007/978-3-319-98370-7_10