Colelli, R., Panzieri, S., Pascucci, F. (2018). Exploiting System Model for Securing CPS: The Anomaly Based IDS Perspective. In IEEE International Conference on Emerging Technologies and Factory Automation, ETFA (pp.1171-1174). Institute of Electrical and Electronics Engineers Inc. [10.1109/ETFA.2018.8502495].
Exploiting System Model for Securing CPS: The Anomaly Based IDS Perspective
Colelli, Riccardo; Panzieri, Stefano; Pascucci, Federica
2018-01-01
Abstract
Industrial control systems traditionally achieved security by using isolation from the outside and proprietary protocols to communicate inside. This paradigm has changed with the advent of the Industrial Internet of Things, which foresees flexible and interconnected systems. In this contribution, the threats coming from this new approach are analyzed and a framework for identifying them is proposed. It is based on the common signature-based intrusion detection system developed in the information technology domain; however, to cope with the constraints of the operational technology domain, it exploits anomaly-based features. Specifically, it is able to analyze the traffic on the network at the application layer by means of deep packet inspection, parsing the information carried by the proprietary protocols. Two different topologies are adopted to cope also with legacy systems. A simple setup is considered to prove the effectiveness of the approach.