A Parser for Deep Packet Inspection of IEC-104: A Practical Solution for Industrial Applications

Chromik, Justyna Joanna; Remke, Anne; Haverkort, Boudewijn R.; Geist, Gerard

doi:10.1109/dsn-industry.2019.00008

Cited by 8 publications

(2 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The most common security countermeasure is the use of intrusion detection and prevention systems with deep packet inspection capabilities or industrial firewalls that have the ability to detect and stop highly specialized attacks hidden deep in the communication flow [83]. For example, Liang et al [84] propose an industrial network intrusion detection algorithm based on a multi feature data clustering optimization model.…”

Section: Attacks In Application Layermentioning

confidence: 99%

Cyber Threats to Industrial IoT: A Survey on Attacks and Countermeasures

Τσίκνας

Taketzis²,

Demertzis

et al. 2021

IoT

104

View full text Add to dashboard Cite

In today’s Industrial Internet of Things (IIoT) environment, where different systems interact with the physical world, the state proposed by the Industry 4.0 standards can lead to escalating vulnerabilities, especially when these systems receive data streams from multiple intermediaries, requiring multilevel security approaches, in addition to link encryption. At the same time taking into account the heterogeneity of the systems included in the IIoT ecosystem and the non-institutionalized interoperability in terms of hardware and software, serious issues arise as to how to secure these systems. In this framework, given that the protection of industrial equipment is a requirement inextricably linked to technological developments and the use of the IoT, it is important to identify the major vulnerabilities and the associated risks and threats and to suggest the most appropriate countermeasures. In this context, this study provides a description of the attacks against IIoT systems, as well as a thorough analysis of the solutions for these attacks, as they have been proposed in the most recent literature.

show abstract

Section: Attacks In Application Layermentioning

confidence: 99%

Cyber Threats to Industrial IoT: A Survey on Attacks and Countermeasures

Τσίκνας

Taketzis²,

Demertzis

et al. 2021

IoT

104

View full text Add to dashboard Cite

show abstract

“…The actual process information in the Application Service Data Unit (ASDU) part of the Application Protocol Data Unit (APDU) was initially only supported for a small set of only six functions [16]. We extended the parser to trigger events for all IEC-104 function codes used at the Dutch substation [40].…”

Section: Connection To Ids Zeekmentioning

confidence: 99%

Architecture and Prototype Implementation for Process-Aware Intrusion Detection in Electrical Grids

Flosbach¹,

Chromik

Remke

2019

2019 38th Symposium on Reliable Distributed Systems (SRDS)

Self Cite

View full text Add to dashboard Cite

Supervisory Control and Data Acquisition (SCADA) systems monitor and control electric power distribution. Recent history has shown that cyber-attacks pose a tremendous risk for the economy and safety of modern countries. This paper introduces an architecture and a prototype implementation for a process-aware, network-based Intrusion Detection System (IDS) to secure control networks in the domain of power distribution. Based on a recently proposed process model, the system continuously assesses the local physical process and all control commands with regard to consistency and safety of the underlying physical process. Its detection capabilities focus on process-based attacks like manipulated control commands, which appear legitimate to traditional IDS but might nevertheless have devastating effects on the power distribution. The architecture separates the evaluation part from the traffic processing, which ensures extensibility and scalability. The developed implementation has been successfully tested at a Dutch power distribution substation. Its detection performance is characterized by a very low miss rate and high precision.

show abstract