High-Speed Intrusion Detection in Support of Critical Infrastructure Protection

“…The system is validated using 2 weeks of data from a real water treatment facility. The data was captured in the context of the Hermes, [20] network anomaly testbed aware Carcano et al [28,29,59] network anomaly simulation aware Cárdenas et al [31] network anomaly simulation aware Cheung et al [37] network anomaly testbed unaware D'Antonio et al [45] network anomaly none unaware Di Santo et al [49] network anomaly simulation aware Düssel et al [51] network anomaly measurement unaware Goldenberg and Wool [62] network anomaly measurement unaware Gonzalez and Papa [64] network anomaly testbed unaware Hadeli et al [69] network anomaly testbed unaware Hadiosmanovic et al [70] host anomaly measurement unaware Hoeve [76] network anomaly testbed unaware Linda et al [99] network anomaly testbed unaware McEvoy and Wolthusen [105] network anomaly simulation aware Oman and Phillips [116] network anomaly none unaware Premaratne et al [122] network signature testbed unaware Rrushi et al [125,126] network anomaly none aware Valdes and Cheung [145] network anomaly testbed unaware Xiao et al [151] network anomaly none aware Yang et al [152] host anomaly testbed unaware Table 4.2: Overview of surveyed IDS approaches Castor and Midas projects 4 , which also supported the work described in this thesis.…”

“…Network/Anomaly based D'Antonio et al [45] propose the use of flow-level information (e.g., IPFIX [41]) to detect anomalies using a "context extraction algorithm". However, only the general architecture is described and details about the context extraction algorithm are not given.…”

Anomaly detection in SCADA systems : a network based approach

“…The system is validated using 2 weeks of data from a real water treatment facility. The data was captured in the context of the Hermes, [20] network anomaly testbed aware Carcano et al [28,29,59] network anomaly simulation aware Cárdenas et al [31] network anomaly simulation aware Cheung et al [37] network anomaly testbed unaware D'Antonio et al [45] network anomaly none unaware Di Santo et al [49] network anomaly simulation aware Düssel et al [51] network anomaly measurement unaware Goldenberg and Wool [62] network anomaly measurement unaware Gonzalez and Papa [64] network anomaly testbed unaware Hadeli et al [69] network anomaly testbed unaware Hadiosmanovic et al [70] host anomaly measurement unaware Hoeve [76] network anomaly testbed unaware Linda et al [99] network anomaly testbed unaware McEvoy and Wolthusen [105] network anomaly simulation aware Oman and Phillips [116] network anomaly none unaware Premaratne et al [122] network signature testbed unaware Rrushi et al [125,126] network anomaly none aware Valdes and Cheung [145] network anomaly testbed unaware Xiao et al [151] network anomaly none aware Yang et al [152] host anomaly testbed unaware Table 4.2: Overview of surveyed IDS approaches Castor and Midas projects 4 , which also supported the work described in this thesis.…”

“…Network/Anomaly based D'Antonio et al [45] propose the use of flow-level information (e.g., IPFIX [41]) to detect anomalies using a "context extraction algorithm". However, only the general architecture is described and details about the context extraction algorithm are not given.…”

Anomaly detection in SCADA systems : a network based approach

Semi-real-time Hash Comparison for Detecting Intrusions Using Blockchain

Towards Automatic Critical Infrastructure Protection through Machine Learning