A distributed intrusion detection system for industrial automation networks

Modern automation is measured in terms of interoperability and easy administration. Introducing technology focussing on these criteria, however, induce new security risks to existing and future automation installations. Current security approaches in automation do not keep pace with the rising security challenges. Prevalent in automation is the use of access control to protect the system from malicious activity, such as extern attacks. Means to inspect the automation traffic to identify attacks that already have overcome access control or are initiated from inside the automation system are not available, yet. For filling this gap, we investigate in the application of intrusion detection techniques on industrial automation. In this paper, we present the current state of an intrusion detection system tailored to the analysis of operation down to traffic between automation devices on field layer.