Assessing Anomaly-Based Intrusion Detection Configurations for Industrial Control Systems

Robert E. Gillen, Jason M. Carter, Christopher Craig, Jordan A. Johnson, Stephen L. Scott

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

2 Scopus citations

Abstract

To reduce cost and ease maintenance, industrial control systems (ICS) have adopted Ethernet-based interconnections that integrate operational technology (OT) systems with information technology (IT) networks. This integration has made these critical systems vulnerable to attack. Security solutions tailored to ICS environments are an active area of research. Anomaly-based network intrusion detection systems are well-suited for these environments. Often these systems must be optimized for their specific environment. In prior work, we introduced a method for assessing the impact of various anomaly-based network IDS settings on security. This paper reviews the experimental outcomes when we applied our method to a full-scale ICS test bed using actual attacks. Our method provides new and valuable data to operators enabling more informed decisions about IDS configurations.

Original language: English
Title of host publication: Proceedings - 21st IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2020
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 360-366
Number of pages: 7
ISBN (Electronic): 9781728173740
State: Published - Aug 2020
Event: 21st IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2020 - Virtual, Cork, Ireland
Duration: Aug 31 2020 - Sep 3 2020

Publication series

Name: Proceedings - 21st IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2020

Conference

Conference: 21st IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2020
Country/Territory: Ireland
City: Virtual, Cork
Period: 08/31/20 - 09/3/20

Funding

This manuscript has been co-authored by UT-Battelle, LLC under Contract No. DE-AC05-00OR22725 with the US DOE. The United States Government retains and the publisher, by accepting the article for publication, acknowledges that the United States Government retains a non-exclusive, paid-up, irrevocable, world-wide license to publish or reproduce the published form of this manuscript, or allow others to do so, for United States Government purposes. The DOE will provide public access to these results of federally sponsored research in accordance with the DOE Public Access Plan (http://energy.gov/downloads/doe-public-access-plan). Thank you, L. Anderson, M. Rice and reviewers whose support and comments helped to ensure this document was both accurate and intelligible. This material is based on research sponsored by the Laboratory Directed Research and Development Program of Oak Ridge National Laboratory, managed by UT-Battelle, LLC, for the U. S. Department of Energy.

Keywords

  • assessment
  • industrial control systems
  • intrusion detection systems
  • risk quantification
