Specification Mining for Intrusion Detection in Networked Control Systems
| Field | Value |
|---|---|
| Title | Specification Mining for Intrusion Detection in Networked Control Systems |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Caselli, M., Zambon, E., Amann, J., Sommer, R., & Kargl, F. |
| Published in | Proceedings of the 25th USENIX Security Symposium |
| Page(s) | 790-806 |
| Date Published | 08/2016 |
| Publisher | USENIX Assoc. |
| ISBN Number | 978-1-931971-32-4 |
| Abstract | This paper discusses a novel approach to specification-based intrusion detection in the field of networked control systems. Our approach reduces the substantial human effort required to deploy a specification-based intrusion detection system by automating the development of its specification rules. We observe that networked control systems often include comprehensive documentation used by operators to manage their infrastructures. Our approach leverages the same documentation to automatically derive the specification rules and continuously monitor network traffic. In this paper, we implement this approach for BACnet-based building automation systems and test its effectiveness against two real infrastructures deployed at the University of Twente and the Lawrence Berkeley National Laboratory (LBNL). Our implementation successfully identifies process control mistakes and potentially dangerous misconfigurations. This confirms the need for an improved monitoring of networked control system infrastructures. |
| URL | https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_caselli.pdf |
| ICSI Research Group | Networking and Security |