A Protocol Specification-Based Intrusion Detection System for VoIP and Its Evaluation

Phit, Thyda; Abe, Kouji

doi:10.1093/ietcom/e91-b.12.3956

Cited by 6 publications

(1 citation statement)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Initially, it was intended for execution monitoring of security-critical programs in distributed system [10]. However, it has been applied to routing protocols such AODV [12], [13], [14] or OSLR [15], DNP3 protocol [16], [17], [18] Voice over IP [19], [20], [21] and other areas of CPS as discussed in section III. A practical experience in the use of specification-based intrusion is presented by Uppuluri and Sekar in [11].…”

Section: B Specification-based Intrusion Detectionmentioning

confidence: 99%

A Survey of Specification-based Intrusion Detection Techniques for Cyber-Physical Systems

Nweke¹

2021

IJACSA

View full text Add to dashboard Cite

Cyber-physical systems (CPS) integrate computation and communication capabilities to monitor and control physical systems. Even though this integration improves the performance of the overall system and facilitates the application of CPS in several domains, it also introduces security challenges. Over the years, intrusion detection systems (IDS) have been deployed as one of the security controls for addressing these security challenges. Traditionally, there are three main approaches to IDS, namely: anomaly detection, misuse detection and specificationbased detection. However, due to the unique attributes of CPS, the traditional IDS need to be modified or completely replaced before it can be deployed for CPS. In this paper, we present a survey of specification-based intrusion detection techniques for CPS. We classify the existing specification-based intrusion detection techniques in the literature according to the following attributes: specification source, specification extraction, specification modelling, detection mechanism, detector placement and validation strategy. We also discuss the details of each attribute and describe our observations, concerns and future research directions. We argue that reducing the efforts and time needed to extract the system specification of specification-based intrusion detection techniques for CPS and verifying the correctness of the extracted system specification are open issues that must be addressed in the future.

show abstract