Si-Jung Kim, Bonghan Kim, Sang-Soo Yeo, Do-Eun Cho
{"title":"m连接SCADA网络的网络异常检测","authors":"Si-Jung Kim, Bonghan Kim, Sang-Soo Yeo, Do-Eun Cho","doi":"10.1109/BWCCA.2013.61","DOIUrl":null,"url":null,"abstract":"In the current national critical infrastructures, SCADA systems and networks are playing very important roles. Unfortunately, most of closed-network SCADA systems have been considered as very secure against cyber-attacks. Because they use their own operating systems and communication/ network protocols, and their private networks are physically isolated from the public networks and the Internet. However, in case the closed SCADA system has m-connected status due to its maintenance, updates, and patches, it is no longer perfectly secure against cyber-attacks. This paper analyzes vulnerabilities of m-connected SCADA networks and proposes a novel security model for detecting network anomalies. The proposed model is based on an intrusion detection system using the network-based pattern reference method, which has two kinds of rule sets - one is the base rule set, and the other is dynamically produced rule set. The basic rule set can be set with pre-known intrusion patterns, and a dynamically produced new rule set can be set by detecting network anomalies under specific threshold values. Such new rule set would be adapted to the pattern reference model in its next execution time. Therefore, the proposed security model can identify abnormal command execution more effectively and efficiently.","PeriodicalId":227978,"journal":{"name":"2013 Eighth International Conference on Broadband and Wireless Computing, Communication and Applications","volume":"12 11","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Network Anomaly Detection for M-Connected SCADA Networks\",\"authors\":\"Si-Jung Kim, Bonghan Kim, Sang-Soo Yeo, Do-Eun Cho\",\"doi\":\"10.1109/BWCCA.2013.61\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In the current national critical infrastructures, SCADA systems and networks are playing very important roles. Unfortunately, most of closed-network SCADA systems have been considered as very secure against cyber-attacks. Because they use their own operating systems and communication/ network protocols, and their private networks are physically isolated from the public networks and the Internet. However, in case the closed SCADA system has m-connected status due to its maintenance, updates, and patches, it is no longer perfectly secure against cyber-attacks. This paper analyzes vulnerabilities of m-connected SCADA networks and proposes a novel security model for detecting network anomalies. The proposed model is based on an intrusion detection system using the network-based pattern reference method, which has two kinds of rule sets - one is the base rule set, and the other is dynamically produced rule set. The basic rule set can be set with pre-known intrusion patterns, and a dynamically produced new rule set can be set by detecting network anomalies under specific threshold values. Such new rule set would be adapted to the pattern reference model in its next execution time. Therefore, the proposed security model can identify abnormal command execution more effectively and efficiently.\",\"PeriodicalId\":227978,\"journal\":{\"name\":\"2013 Eighth International Conference on Broadband and Wireless Computing, Communication and Applications\",\"volume\":\"12 11\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-10-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 Eighth International Conference on Broadband and Wireless Computing, Communication and Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/BWCCA.2013.61\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 Eighth International Conference on Broadband and Wireless Computing, Communication and Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/BWCCA.2013.61","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Network Anomaly Detection for M-Connected SCADA Networks
In the current national critical infrastructures, SCADA systems and networks are playing very important roles. Unfortunately, most of closed-network SCADA systems have been considered as very secure against cyber-attacks. Because they use their own operating systems and communication/ network protocols, and their private networks are physically isolated from the public networks and the Internet. However, in case the closed SCADA system has m-connected status due to its maintenance, updates, and patches, it is no longer perfectly secure against cyber-attacks. This paper analyzes vulnerabilities of m-connected SCADA networks and proposes a novel security model for detecting network anomalies. The proposed model is based on an intrusion detection system using the network-based pattern reference method, which has two kinds of rule sets - one is the base rule set, and the other is dynamically produced rule set. The basic rule set can be set with pre-known intrusion patterns, and a dynamically produced new rule set can be set by detecting network anomalies under specific threshold values. Such new rule set would be adapted to the pattern reference model in its next execution time. Therefore, the proposed security model can identify abnormal command execution more effectively and efficiently.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
