Network-based Intrusion Detection Systems for Industrial Control Systems

dc.contributor.authorAngséus, Johan
dc.contributor.authorEkbom, Rikard
dc.contributor.departmentChalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers)sv
dc.contributor.departmentChalmers University of Technology / Department of Computer Science and Engineering (Chalmers)en
dc.date.accessioned2019-07-03T14:28:09Z
dc.date.available2019-07-03T14:28:09Z
dc.date.issued2017
dc.description.abstractAs Industrial Control Systems (ICSs) become more and more connected it follows that they need to become more secure. Traditional Intrusion Detection Systems (IDSs) do not work well due to the fact that they mostly work on a signature basis and there are not many known signatures to detect attacks on ICSs. Since the network traffic from an ICS is claimed to be static and signatures are scarce, searching for anomalies in the network to detect threats is more effective. This can be achieved using machine learning and other statistical models, teaching the system to tell regular traffic from irregularities. In this thesis we survey papers from related work and evaluate their results, conduct a risk analysis of ICSs from published sources and a workshop with an industry expert. Based on the survey and the risk analysis we analyze over 100 days of network traffic from a water distribution system in order to get further understanding of how ICSs act, both considering network traffic and process semantics. From this work we propose and evaluate three methods to be used when creating a more data driven IDS, capable of detecting process semantic tampering within an ICS. Our results from conducted experiments exhibit a static nature of the data originating from the ICS and the result from evaluating two of the three proposed methods using proof of concept systems, we deem that these anomaly-based detection methods work well for both semantic tampering as well as on a network basis. Having an IDS using a fusion of all three proposed methods, would benefit the security of an ICS since both semantics and network behavior are taken into account.
dc.identifier.urihttps://hdl.handle.net/20.500.12380/249916
dc.language.isoeng
dc.setspec.uppsokTechnology
dc.subjectData- och informationsvetenskap
dc.subjectComputer and Information Science
dc.titleNetwork-based Intrusion Detection Systems for Industrial Control Systems
dc.type.degreeExamensarbete för masterexamensv
dc.type.degreeMaster Thesisen
dc.type.uppsokH
local.programmeComputer systems and networks (MPCSN), MSc
Ladda ner
Original bundle
Visar 1 - 1 av 1
Bild (thumbnail)
Namn:
249916.pdf
Storlek:
5.11 MB
Format:
Adobe Portable Document Format
Beskrivning:
Fulltext