Intrusion Detection in Networked Control Systems: From System Knowledge to Network Security

Caselli, M. (2016) Intrusion Detection in Networked Control Systems: From System Knowledge to Network Security. PhD thesis, Univ. of Twente. CTIT Ph.D. Thesis Series No. 16-401 ISBN 978-90-365-4177-0

Full text available as: PDF (18692 Kb)

Official URL: http://dx.doi.org/10.3990/1.9789036541770


Abstract

“Networked control system” (NCS) is an umbrella term encompassing a broad variety of infrastructures such as industrial control systems (ICSs) and building automation systems (BASs). Nowadays, all these infrastructures play an important role in several aspects of our daily life, from managing essential services such as energy and water (e.g., critical infrastructures) to monitoring the increasingly smart environments that surround us (e.g., the Internet of Things). Over the years, NCS technology has progressively switched to IT digital networks and become integrated with the Internet. This has changed the way operators manage and control their infrastructures and has introduced several security threats. Skilled crackers (also known as black-hat hackers) can remotely access NCSs and change infrastructure behavior, potentially endangering human lives (e.g., by causing a malfunction of a nuclear power plant). For this reason, NCS stakeholders have been facing the challenge of protecting their infrastructures against cyber-attacks and, especially, targeted attacks, namely attacks carried out by resourceful and motivated organizations (e.g., Stuxnet). A common practice for protecting NCSs is the use of standard IT security solutions and techniques. However, most of the time these solutions do not fit such different environments. Furthermore, any security solution applied to NCSs should never interfere with infrastructure operations. This is particularly important when it comes to NCSs that monitor critical infrastructures and thus sensitive physical processes (e.g., energy production). Finally, most of today’s NCS security solutions still fail to convey accurate information to the operators and do not allow them to quickly and unambiguously identify potentially dangerous situations. In fact, this would require more sophisticated techniques capable of understanding the surrounding environment and conclusively discerning between malicious activities and valid operations.

For all these reasons, this thesis tackles the challenge of developing more incisive and effective security solutions for NCSs. We focus on intrusion detection to passively monitor and evaluate infrastructure operations without causing any interference, and we direct our attention to the acquisition of knowledge about the monitored infrastructures to improve both the detection process and the feedback given to the operators. In what follows, we present a novel approach to NCS security based on the integration of system knowledge acquisition and network intrusion detection. Our work starts by identifying and evaluating valuable sources of information for gaining knowledge about the monitored systems. Then, we show how this knowledge contributes to improving intrusion detection systems (IDSs). Finally, we leverage a specific kind of intrusion detection, namely specification-based intrusion detection, to strengthen the bond between system knowledge and network security. We achieve this by automating the deployment of specification-based IDSs that autonomously use information gathered from NCS network traffic and analyze available NCS-related documentation to describe the expected behavior of the infrastructure. Tests and evaluations performed on real infrastructures support the proposed approach and confirm the advantages of including information about NCS properties and components within the employed security solutions.

Item Type: PhD Thesis
Supervisors: Kargl, F.
Assistant Supervisors: Zambon, Emmanuele
Research Group: EWI-SCS: Services, Cyber security and Safety
Research Program: CTIT-General
Research Project: CRISALIS: Cyber Attacks Against Critical Infrastructures
Uncontrolled Keywords: Intrusion detection, Networked Control Systems
ID Code: 27385
Deposited On: 12 November 2016