Title :
Intrusion Monitoring in Process Control Systems
Author :
Valdes, Alfonso ; Cheung, Stephane
Author_Institution :
Comput. Sci. Lab., SRI Int., Menlo Park, CA
Abstract :
To protect process control networks from cyber intrusions, preventive security measures such as perimeter defenses (for example, network firewalls and demilitarized zones) and secure versions of process control network protocols have been increasingly adopted or proposed. Although system hardening and fixing known vulnerabilities of existing systems are crucial to secure process control systems, intrusion monitoring is essential to ensure that the preventive measures are not compromised or bypassed. Our approach involves a multilayer security architecture for monitoring process control systems to achieve accurate and effective situational awareness. Also, we leverage some of the characteristics of process control systems such as the regularity of network traffic patterns to perform intrusion detection, with the potential to detect unknown attacks. To facilitate human analysts to gain a better understanding of anomalous network traffic patterns, we present a visualization tool that supports multiple user-customizable views and animation for analyzing network packet traces.
Keywords :
data visualisation; process control; production engineering computing; security of data; anomalous network traffic; hardening fixing; human analysts; intrusion detection; intrusion monitoring; multilayer security architecture; multiple user-customizable views; network traffic patterns; preventive security measures; process control systems; situational awareness; system hardening; visualization tool; Communication system traffic control; Computer security; Humans; Intrusion detection; Monitoring; Nonhomogeneous media; Pattern analysis; Process control; Protection; Protocols;
Conference_Titel :
System Sciences, 2009. HICSS '09. 42nd Hawaii International Conference on
Conference_Location :
Big Island, HI
Print_ISBN :
978-0-7695-3450-3
DOI :
10.1109/HICSS.2009.273
