Browse > Article

A Study of an Anomalous Event Detection using White-List on Control Networks  

Lee, DongHwi (경기대학교 산업보안학과)
Choi, KyongHo (경기대학교산업기술보호특화센터)
Publication Information
Convergence Security Journal / v.12, no.4, 2012 , pp. 77-84 More about this Journal
Abstract
The control network has been operated in a closed. But it changes to open to external for business convenience and cooperation with several organizations. As the way of connecting with user extends, the risk of control network gets high. Thus, in this paper, proposed the technique of an anomalous event detection using white-list for control network security and minimizing the cyber threats. The proposed method can be collected and cataloged of only normal data from traffic of internal network, control network and field devices. Through way to check the this situation, we can separate normal and abnormal behavior.
Keywords
Control Networks; Misuse Detection; Traffic Signature; White-list; IDS; Snort;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 Animesh Patcha and Jung-Min Park, "An overview of anomaly detection techniques: Existing solutions and latest technological trends", Computer Networks, Vol. 51, Issue 12, Pages 3448 - 3470, 22 August 2007.   DOI   ScienceOn
2 신문선, 류근호, "침입탐지시스템의 성능향상을 위한 결정트리 기반 오경보 분류", 정보과학회논문지, 제34권, 제6호, pages 473 - 482, 2007.
3 E. Carl, S. Eugene, and M. Jim, "Intrusion Detection and Prevention", McGraw-Hill, 2004.
4 C. Frederic and M. Alexander, "Alert Correlation in a Cooperative Intrusion Detection Framework", IEEE Symposium on Security and Privacy, 2002.
5 Chirag Modi, Dhiren Patel, Bhavesh Borisaniya, Hiren Patel, Avi Patel and Muttukrishnan Rajarajan, "A survey of intrusion detection techniques in Cloud", Journal of Network and Computer Applications, In Press, Corrected Proof, Available online, 2 June 2012.
6 Tsong Song Hwang, Tsung-Ju Lee and Yuh-Jye Lee, A Three-tier IDS via Data Mining Approach, Proceedings of the 3rd Annual ACM Workshop on Mining Network Data, pages 1 - 6, MineNet 2007, 2007.
7 Frédéric Giroire, Jaideep Chandrashekar, Nina Taft, Eve M. Schooler and Dina Papagiannaki, " Exploiting Temporal Persistence to Detect Covert Botnet Channels", Recent Advances in Intrusion Detection, 12th International Symposium, RAID 2009, Lecture Notes in Computer Science, 5758, Springer, pages 326 - 345, 2009.
8 http://pdf.datanet.co.kr/207/207153.PDF
9 J. Lee, H. Lee and S. Kim, "Development Plan of Korean - Energy Management System", Proc. of the 17th Conference of the Electric Power Supply Industry, pp.1-3, 2008.
10 고폴린, 최화재, 김세령, 권혁민, 김휘강, "트래픽 자기 유사성(Self-similarity)에 기반한 SCADA 시스템 환경에서의 침입탐지방법론", 정보보호학회논문지, 제22권, 제2호, pages 267 - 281, 2012.
11 김완집, 김휘강, 이경호, 염흥열, "도시 기반시설 SCADA 망의 위험분석 및 모니터링 모델 연구", 정보보호학회논문지, 제21권, 제6호, pages 67 - 81, 2011.
12 김경아, 이대성, 김귀남, "공격 트리를 이용한 산업 제어 시스템 보안 위험 분석", 정보․보안 논문지, 제11권, 제6호, 2011
13 Bela Genge, Christos Siaterlis, Igor Nai Fovino and Marcelo Masera, "A cyber-physical experimentation environment for the security analysis of networked industrial control systems", Computers & Electrical Engineering, In Press, Corrected Proof, Available online 21 July 2012.
14 A. Nicholson, S. Webber, S. Dyer, T. Patel and H. Janicke, "SCADA security in the light of Cyber-Warfare", Computers & Security, Vol. 31, Issue 4, pages 418 - 436, June 2012.   DOI   ScienceOn
15 최명균, 이동범, 곽 진, "제어 시스템에 대한 보안 정책 동향 및 보안 취약점 분석", 정보보호학회지, 제21권, 제5호, pages 55 - 64, 2011.
16 김인중, 정윤정, 고재영, 원동호, "중요핵심기반시설(SCADA)에 대한 보안 관리 연구", 한국통신학회논문지, Vol. 30, No. 8C, 2005.
17 김민준, 김귀남, "데이터 마이닝 기반 보안관제 시스템", 정보․보안 논문지, 제11권, 제6호, pages 3-8, 2011.
18 김영진, 이정현, 임종인, "SCADA시스템의 안정성 확보방안에 관한 연구", 정보보호학회논문지, 제19권, 제6호, pages 145 - 152, 2009.
19 "ScanSafe Global Threat Report", http://www.scansafe.com/_data/assets/pdf_file/9471/Q3_2008_GTR.pdf, 2008.