Review of KIISC (정보보호학회지)

Korea Institute of Information Security and Cryptology (한국정보보호학회)
권호 표지

제어시스템 침입탐지 시스템 기술 연구 동향

  • Published : 2014.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

국가기반시설 제어시스템은 독립망 운영 정책 적용과 독자적 제어시스템 통신 프로토콜 사용으로 안전하다고 여겨져 왔다. 하지만 최근 국가기반시설 제어시스템을 대상으로 한 최초의 사이버 무기인 스턱스넷(Stuxnet) 악성코드의 발견 이래로 현재까지도 지속적인 사이버 위협 및 사고사례가 보고되고 있다. 이에 따라 사회경제적으로 큰 혼란을 야기할 수 있는 제어시스템 대상 사이버공격에 대응하기 위해 일반 IT 환경과는 다른 제어시스템만의 특성이 반영된 보안기술이 요구되고 있다. 본 논문에서는 제어시스템 보안기술 중 침입탐지 시스템 기술 연구 동향을 분석하고 해당 기술이 적용되는 제어시스템 영역과 제어시스템 통신 프로토콜별 특성에 따른 기술들의 특징을 분석한다. 또한, 탐지 기법에 따른 제어시스템 공격 탐지 성능을 비교 및 분석한다.

Keywords

References

  1. ICS-CERT, "ICS-CERT Monitor: October/Novbember/December," 2013.
  2. ICS-CERT, "Alert (ICS-ALERT-10-301-01): Control System Internet Accessibility," Oct. 2010.
  3. ICS-CERT, "Year in Rreview 2012," Mar. 2013.
  4. ICS-CERT, "Year in Review 2013," Feb. 2014.
  5. R. Bace, P. Mell, "NIST Special Publication on Intrusion Detection Systems," September 2001.
  6. S. Cheung, B. Dutertre, M. Fong, U. Lindqvist, K. Skinner, "Using Model-based Intrusion Detection for SCADA Networks," In Proceedings of the SCADA Security Scientific Symposium, 2006.
  7. O. Linda, T. Vollmer, M. Manic, "Neural Network Based Intrusion Detection System for Critical Infrastructures," Neural Networks, International Joint Conference on, pp.1827-1834, June 2009.
  8. I. N. Fovino, M. Masera, M. Guglielmi, A. Carcano, A. Trombetta, "Distributed Intrusion Detection System For SCADA Protocols," Critical Infrastructure Protection IV, IFIP Advances in Information and Communication Technology, vol.342, pp.95-110, 2010.
  9. R. Ramos, R. Barbosa, A. Pras, "Intrusion Detection in SCADA Networks," Mechanisms for Autonomous Management of Networks and Services, Lecture Notes in Computer Science, vol.6155, pp.163-166, 2010.
  10. W. Gao, T. Morris, B. Reaves, D. Richey, "On SCADA Control System Command and Response Injection and Intrusion Detection," eCrime Researchers Summit (eCrime), pp.1-9, Oct. 2010.
  11. A. Carcano, I. N. Fovino1, M. Masera1, A. Trombetta, "State-Based Network Intrusion Detection Systems for SCADA Protocols A Proof of Concept," Critical Information Infrastructures Security, Lecture Notes in Computer Science, vol.6027, pp.138-150, 2010.
  12. U. K. Premaratne, J. Samarabandu, T. S. Sidhu, R. Beresh, J. Tan, "An Intrusion Detection System for IEC61850 Automated Substations," Power Delivery, IEEE Transactions on, vol.25, no.4, pp.2376-2383, Oct. 2010. https://doi.org/10.1109/TPWRD.2010.2050076
  13. I. N. Fovino, A. Carcano, T. D. L. Murel, A. Trombetta, M. Masera, "Modbus/DNP3 State-based Intrusion Detection System," Advanced Information Networking and Applications (AINA), 24th IEEE International Conference on, pp.729-736, April 2010.
  14. A. Carcano, A. Coletta, M. Guglielmi, M. Masera, I. Nai Fovino, A. Trombetta, "A Multidimensional Critical State Analysis for Detecting Intrusions in SCADA Systems," Industrial Informatics, IEEE Transactions on, vol.7, no.2, pp.179-186, May 2011. https://doi.org/10.1109/TII.2010.2099234
  15. J. Reeves, A. Ramaswamy, M. Locasto, S. Bratus, S. Smith, "Lightweight Intrusion Detection for Resource-Constrained Embedded Control Systems," Critical Infrastructure Protection V, IFIP Advances in Information and Communication Technology, vol.367, pp.31-46, 2011.
  16. S. Parthasarathy, D. Kundur, "Bloom Filter based Intrusion Detection for Smart Grid SCADA," Electrical & Computer Engineering (CCECE), 25th IEEE Canadian Conference on, pp.1-6, April 2012.
  17. J. Reeves, A. Ramaswamy, M. Locasto, S. Bratus, S. Smith, "Intrusion Detection for Resource-constrained Embedded Control Systems in the Power Grid," International Journal of Critical Infrastructure Protection, vol.5, Issue 2, pp.74-83, July 2012. https://doi.org/10.1016/j.ijcip.2012.02.002
  18. N. Goldenberg, A. Wool, "Accurate Modeling of Modbus/TCP for Intrusion Detection in SCADA Systems," International Journal of Critical Infrastructure Protection, vol.6, Issue 2, pp.63-75, June 2013. https://doi.org/10.1016/j.ijcip.2013.05.001
  19. J. Yun, S. Jeon, K. Kim, W. Kim, "Burst-based Anomaly Detection on the DNP3 Protocol," International Journal of Control and Automation, vol.6, no.2, pp.313-324 April 2013.
  20. A. Anoop, M. S. Sreeja, "New Genetic Algorithm Based Intrusion Detection," International Journal of Engineering Innovation & Research, vol.2, Issue 2, pp.171-175, 2013.
  21. Y. Yang, K. McLaughlin, T. Littler, S. Sezer, H. F. Wang, "Rule-based intrusion detection system for SCADA networks," Renewable Power Generation Conference (RPG), pp.1-4, September 2013.
  22. Q. Chen, S. Abdelwahed, "A Model-based Approach to Self-Protection in SCADA Systems," 9th International Workshop on Feedback Computing, June 2014.
  23. Y. Yang, K. McLaughlin, S. Sezer, B. Pranggono, T. Littler, B. Pranggono, H. F. Wang, E. G. Im, "Multiattribute SCADA-Specific Intrusion Detection System for Power Networks," Power Delivery, IEEE Transactions on, vol.29, no.3, pp.1092-1102, June 2014. https://doi.org/10.1109/TPWRD.2014.2300099
  24. N. Sayegh, I. H. Elhajj, A. Kayssi, A. Chehab, "SCADA Intrusion Detection System Based on Temporal Behavior of Frequent Patterns," 17th IEEE Mediterranean Electrotechnical Conference (MELECON), pp.432-438, April 2014.
  25. Y. Wang, Z. Xu, J. Zhang, L. Xu, H. Wang, G. Gu, "SRID: State Relation Based Intrusion Detection for False Data Injection Attacks in SCADA," Computer Security - ESORICS, Lecture Notes in Computer Science, vol.8713, pp.401-418, 2014.