Abstract
Traditional cyber-security countermeasures are inadequate for protecting modern Industrial Critical Infrastructures. In this paper we present an innovative filtering technique for industrial protocols based on the state analysis of the system being monitored. Since we focus our attention on the system behavior rather than on modeling the behavior of the possible attackers, this approach enables the detection of previously unknown attacks. Moreover, we introduce the concept of Critical State Prediction, a function that is used for anticipating the evolution of the system towards possible critical states. Finally, we provide experimental comparative results that confirm the validity of the proposed approach.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nai Fovino, I., Carcano, A., Coletta, A., Guglielmi, M., Masera, M., Trombetta, A. (2011). State-Based Firewall for Industrial Protocols with Critical-State Prediction Monitor. In: Xenakis, C., Wolthusen, S. (eds) Critical Information Infrastructures Security. CRITIS 2010. Lecture Notes in Computer Science, vol 6712. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21694-7_10
DOI: https://doi.org/10.1007/978-3-642-21694-7_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21693-0
Online ISBN: 978-3-642-21694-7
eBook Packages: Computer Science, Computer Science (R0)