Abstract:
Intrusion detection systems (IDSs) are widely used for generating alarms indicating potential network security risks based on network traffic monitoring in industrial control systems (ICSs). However, it is a big burden for security analysts to handle numerous alarms in real time. Also, most alarms are falsely triggered by normal operations, which makes the real attack risks hard to find. In this paper, we propose MNSSA, a meso-level network security situation awareness method that conducts graph evolution analysis on the ICS alarms. MNSSA can semi-automatically filter low-risk false alarms in bulk and detect attack events. It can better analyze the network security situation and improve alarm processing efficiency.
Date of Conference: 28 August 2024 - 01 September 2024
Date Added to IEEE Xplore: 23 October 2024