Assessing Anomaly-Based Intrusion Detection Configurations for Industrial Control Systems
- ORNL
- Tennessee Technological University (TTU)
To reduce cost and ease maintenance, industrial control systems (ICS) have adopted Ethernet-based interconnections that integrate operational technology (OT) systems with information technology (IT) networks. This integration has made these critical systems vulnerable to attack. Security solutions tailored to ICS environments are an active area of research. Anomaly-based network intrusion detection systems are well-suited for these environments. Often these systems must be optimized for their specific environment. In prior work, we introduced a method for assessing the impact of various anomaly-based network IDS settings on security. This paper reviews the experimental outcomes when we applied our method to a full-scale ICS test bed using actual attacks. Our method provides new and valuable data to operators enabling more informed decisions about IDS configurations.
- Research Organization:
- Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC05-00OR22725
- OSTI ID:
- 1684695
- Resource Relation:
- Conference: 6th IEEE International workshop on Communication Computing and Networking in Cyber Physical Systems - Cork, Ireland - 6/15/2020 4:00:00 AM-6/18/2020 4:00:00 AM
- Country of Publication:
- United States
- Language:
- English