Implementation of Intrusion Detection System for Automation Devices within Virtual Automation Network

Abstract

Security incidents are becoming more serious and more common not only in computer networks, but also in automation networks. Automation devices are still more and more based on computers and they have the same weak points like standard computers. Actual trends in automation networks are among others wide automation networks covering several manufacture divisions or remote controlling of automation networks through the Internet. Necessity of the remote connection to the automation networks covers all security vulnerabilities and risks which originate from the Internet. Analogically the automation network can be secured by the conventional way through firewalls and VPN tunnels. For this reason new automation firewall device was designed. The VAN firewall includes messaging system for logging all events and alerts. As a basis for VAN (Virtual Automation Network) firewall messaging system IDMEF (Intrusion Detection Message Exchange Format) is used. This paper describes the intrusion detection system and its implementation within the VAN.