Cyber-critical infrastructure protection using real-time payload-based anomaly detection

Authors:
Patrick Düssel;Christian Gehl;Pavel Laskov;Jens-Uwe Bußer;Christof Störmann;Jan Kästner
Affiliations:
Fraunhofer Institute FIRST, Intelligent Data Analysis, Berlin, Germany;Fraunhofer Institute FIRST, Intelligent Data Analysis, Berlin, Germany;Fraunhofer Institute FIRST, Intelligent Data Analysis, Berlin, Germany and University of Tübingen, Wilhelm-Schickard-Institute for Computer Science, Tübingen, Germany and Siemens AG;Corporate Technology, Information and Communications, München, Germany;Corporate Technology, Information and Communications, München, Germany;Industrial Automation Systems, Research & Development, Karlsruhe, Germany
Venue:
CRITIS'09 Proceedings of the 4th international conference on Critical information infrastructures security
Year:
2009

Citing 9
Cited 2

A framework for constructing features and models for intrusion detection systems

ACM Transactions on Information and System Security (TISSEC)
Service specific anomaly detection for network intrusion detection

Proceedings of the 2002 ACM symposium on Applied computing
Learning nonstationary models of normal network traffic for detecting novel attacks

Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
POSEIDON: a 2-tier Anomaly-based Network Intrusion Detection System

IWIA '06 Proceedings of the Fourth IEEE International Workshop on Information Assurance
Bro: a system for detecting network intruders in real-time

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Incorporation of Application Layer Protocol Syntax into Anomaly Detection

ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
High-speed intrusion detection in support of critical infrastructure protection

CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
Anagram: a content anomaly detector resistant to mimicry attack

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

N-Gram against the machine: on the feasibility of the n-gram network analysis for binary protocols

RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
A survey of intrusion detection techniques for cyber-physical systems

ACM Computing Surveys (CSUR)

Quantified Score

Hi-index	0.00

Visualization

Abstract

With an increasing demand of inter-connectivity and protocol standardization modern cyber-critical infrastructures are exposed to a multitude of serious threats that may give rise to severe damage for life and assets without the implementation of proper safeguards. Thus, we propose a method that is capable to reliably detect unknown, exploit-based attacks on cyber-critical infrastructures carried out over the network. We illustrate the effectiveness of the proposed method by conducting experiments on network traffic that can be found in modern industrial control systems. Moreover, we provide results of a throughput measuring which demonstrate the real-time capabilities of our system.