http://dx.doi.org/10.7840/kics.2013.38B.8.641

Whitelist-Based Anomaly Detection for Industrial Control System Security  

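Yoo, Hyunguk (Department of Computer Engineering, Ajou University)
Yun, Jeong-Han (The Attached Institute of the Electronics and Telecommunications Research Institute)
Shon, Taeshik (Department of Information and Computer Engineering, Ajou University)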
Abstract
Recent cyber attacks targeting control systems are becoming increasingly sophisticated and intelligent. As existing signature-based detection techniques have run into their limitations, security techniques built on a whitelist model are getting attention again. However, the whitelist-based techniques currently being developed are applied narrowly at the application level and cannot provide specific information about the various kinds of anomalies. In this paper, we classify the abnormal cases that can occur in the control systems of enterprises and propose a new whitelist model for detecting those cases.
Keywords
Industrial Control System; SCADA; Whitelist; Anomaly Detection; Cyber Attack Taxonomy;