 |
Distributed Intrusion Detection Methodology of Process Oriented Attacks in Industrial Control Systems
1 : Inria Grenoble - Rhône-Alpes Equipe CTRL-A
Institut National de Recherche en Informatique et en Automatique
2 : Naval Cyber Laboratory
Naval Group
3 : Laboratoire dÍnformatique de Grenoble
(LIG)
-
Site web
Université Pierre Mendès France - Grenoble 2, Université Joseph Fourier - Grenoble 1, Institut National Polytechnique de Grenoble, Centre National de la Recherche Scientifique : UMR5217, Université Grenoble Alpes
UMR 5217 - Laboratoire LIG - Bâtiment IMAG - 700 avenue Centrale - Domaine Universitaire de Saint-Martin-d'Hères Adresse postale : CS 40700 - 38058 Grenoble cedex 9 - France Tél. : 04 57 42 14 00 -
France
4 : Ecole Nationale Supérieure de léau, l\'énergie et lénvironnement
(ENSE3)
-
Site web
Institut National Polytechnique de Grenoble
Ecole Nationale Supérieure de lÉnergie, lÉau et lÉnvironnement 11, rue des Mathématiques - BP 46 - 38402 Saint Martin d\'Hères cedex France -
France
This paper presents a starting Ph.D topic on intrusion detection in complex industrial control systems. We are interested in network-based, process-oriented attacks, i.e. attacks which do not violate network protocols and target specifically the integrity of the physical process. We consider complex industrial processes with event-driven and time-driven weakly interconnected sub-processes. We consider local security properties of the physical sub-processes but also global properties which cannot be decomposed locally. Therefore we aim to develop an anomaly-based, process-aware, distributed detection methodology for event-driven and continuous dynamical systems.
