Better Safe Than Sorry: Risk Management Based on a Safety-Augmented Network Intrusion Detection System

Cited by: 5
Authors
Brenner, Bernhard [1]
Hollerer, Siegfried [2]
Bhosale, Pushparaj [2]
Sauter, Thilo [2, 3]
Kastner, Wolfgang [2]
Fabini, Joachim [1]
Zseby, Tanja [1]
Affiliations
[1] TU Wien, Inst Telecommun, A-1040 Vienna, Austria
[2] TU Wien, Inst Comp Engn, A-1040 Vienna, Austria
[3] Donau Univ Krems, Ctr Distributed Syst & Sensor Networks, A-2700 Wiener Neustadt, Austria
Source
IEEE OPEN JOURNAL OF THE INDUSTRIAL ELECTRONICS SOCIETY | 2023 / Vol. 4
Keywords
Industrial control systems (ICSs); incident response; information technology (IT)/operational technology (OT) convergence; OT security; risk management; safety; SECURITY;
DOI
10.1109/OJIES.2023.3297057
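Chinese Library Classification
TM [Electrical Engineering]; TN [Electronics and Communication Technology];
Discipline classification codes
0808; 0809;
Abstract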
Interconnected industrial control system (ICS) networks based on routable protocols are susceptible to remote attacks similar to classical information technology (IT) networks. However, addressing ICS security in an isolated view is dangerous since ICSs have to ensure safety measures for people, processes, and the environment. The safety and security of ICSs are often addressed separately, without considering their important interrelation. Safety measures can violate security policies (e.g., an emergency stop function accessible by anyone); likewise, a security incident can violate safety policies (e.g., by increasing reaction time). In this article, we propose a network-based intrusion detection system with the interrelation between safety and security in mind. It detects security incidents while evaluating possible safety-related consequences of both the detected attack and possible countermeasures. We evaluate our approach with a Proof of Concept (PoC). The alerts generated by the PoC prototype serve as the basis for a risk management strategy proposed in this article. Our approach provides a basis for safety-aware intrusion detection in smart factories and other cyber-physical systems.
Pages: 287-303
Number of pages: 17