Flow based monitoring of ICS communication in the smart grid

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F20%3APU138657" target="_blank" >RIV/00216305:26230/20:PU138657 - isvavai.cz</a>

Výsledek na webu

<a href="http://www.sciencedirect.com/science/article/pii/S2214212619311329" target="_blank" >http://www.sciencedirect.com/science/article/pii/S2214212619311329</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1016/j.jisa.2020.102535" target="_blank" >10.1016/j.jisa.2020.102535</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Flow based monitoring of ICS communication in the smart grid

Popis výsledku v původním jazyce

A smart grid network is a part of critical infrastructure, and its interruption or blackout may cause fatal consequences on energy production, distribution, and eventually lives of people. Smart grid networks can be a target of cyber attacks coming from the outside or the inside of the network. Traditional smart grid protection includes firewalls and IDS/IPS devices that are usually deployed on edges of the network where they inspect incoming and outgoing traffic. This approach is adequate to cope with external threats. In case of internal threats caused by, for instance, the malware infecting the control station, it is not easy to detect malicious activity commonly masked as legitimate communication at the network edge. For the successful identification of cyber security attacks, two essential elements are necessary. The first is the visibility of the Industrial Control System (ICS) communication, which enables a smart grid operator to see real-time transmissions in the network. The second important part is an anomaly detection system that analyzes monitoring data and identifies possible cyber security attacks. This paper presents a novel system for monitoring ICS/SCADA protocols based on IP flows extended with application layer data obtained from ICS packet headers. The monitoring system provides an in-depth insight into ICS communication. By applying statistical-based methods or creating communication profiles using probabilistic automata, common security attacks, as well as unknown threats, can be identified. The proposed approach is demonstrated on IEC 60870-5-104 communication.

Název v anglickém jazyce

Flow based monitoring of ICS communication in the smart grid

Popis výsledku anglicky

A smart grid network is a part of critical infrastructure, and its interruption or blackout may cause fatal consequences on energy production, distribution, and eventually lives of people. Smart grid networks can be a target of cyber attacks coming from the outside or the inside of the network. Traditional smart grid protection includes firewalls and IDS/IPS devices that are usually deployed on edges of the network where they inspect incoming and outgoing traffic. This approach is adequate to cope with external threats. In case of internal threats caused by, for instance, the malware infecting the control station, it is not easy to detect malicious activity commonly masked as legitimate communication at the network edge. For the successful identification of cyber security attacks, two essential elements are necessary. The first is the visibility of the Industrial Control System (ICS) communication, which enables a smart grid operator to see real-time transmissions in the network. The second important part is an anomaly detection system that analyzes monitoring data and identifies possible cyber security attacks. This paper presents a novel system for monitoring ICS/SCADA protocols based on IP flows extended with application layer data obtained from ICS packet headers. The monitoring system provides an in-depth insight into ICS communication. By applying statistical-based methods or creating communication profiles using probabilistic automata, common security attacks, as well as unknown threats, can be identified. The proposed approach is demonstrated on IEC 60870-5-104 communication.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/VI20192022138" target="_blank" >VI20192022138: Bezpečnostní monitorování řídicí komunikace ICS v energetických sítích (BONNET)</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2020

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

Journal of Information Security and Applications

ISSN

2214-2126

e-ISSN

2214-2134

Svazek periodika

2020

Číslo periodika v rámci svazku

54

Stát vydavatele periodika

GB - Spojené království Velké Británie a Severního Irska

Počet stran výsledku

16

Strana od-do

102535-102535

Kód UT WoS článku

000572992000011

EID výsledku v databázi Scopus

2-s2.0-85086142718