On the Detection of Replay Attacks in Industrial Automation Networks Operated with Profinet IO

Steffen Pfrang; David Meier

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

On the Detection of Replay Attacks in Industrial Automation Networks Operated with Profinet IO

In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ForSE, 683-693, 2017 , Porto, Portugal

Authors: Steffen Pfrang and David Meier

Affiliation: Fraunhofer IOSB, Germany

Keyword(s): Industrial Networks, Replay Attacks, Port Stealing, DCP Reconfiguration, Intrusion Detection, Attack Detection Modeling.

Abstract: Modern industrial facilities consist of controllers, actuators and sensors that are connected via traditional IT equipment. The ongoing integration of these systems into the communication network yields to new threats and attack possibilities. In industrial networks, often distinct communication protocols like Profinet IO (PNIO) are used. These protocols are often not supported by typical network security tools. In this paper, we present two attack techniques that allow to take over the control of a PNIO device, enabling an attacker to replay formerly recorded traffic. We model attack detection rules and propose an intrusion detection system (IDS) for industrial networks which is capable of detecting those replay attacks by correlating alerts from traditional IT IDS with specific PNIO alarms. Thereafter, we evaluate our IDS in a physical demonstrator and compare it with another IDS dedicated to securing PNIO networks.

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 216.73.216.157

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Pfrang, S., Meier and D. (2017). On the Detection of Replay Attacks in Industrial Automation Networks Operated with Profinet IO. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy (ICISSP 2017) - ForSE; ISBN 978-989-758-209-7; ISSN 2184-4356, SciTePress, pages 683-693. DOI: 10.5220/0006288106830693

@conference{forse17,
author={Steffen Pfrang and David Meier},
title={On the Detection of Replay Attacks in Industrial Automation Networks Operated with Profinet IO},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy (ICISSP 2017) - ForSE},
year={2017},
pages={683-693},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006288106830693},
isbn={978-989-758-209-7},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy (ICISSP 2017) - ForSE
TI - On the Detection of Replay Attacks in Industrial Automation Networks Operated with Profinet IO
SN - 978-989-758-209-7
IS - 2184-4356
AU - Pfrang, S.
AU - Meier, D.
PY - 2017
SP - 683
EP - 693
DO - 10.5220/0006288106830693
PB - SciTePress