
Authors: S. Seng (1, 2); J. Garcia-Alfaro (2) and Y. Laarouci (1)

Affiliations: (1) EDF R&D, Palaiseau, France; (2) TelecomSud Paris, Palaiseau, France

Keyword(s): Statechart, Protocol Modeling, Intrusion Detection System, Anomaly Detection, Industrial System, Critical Infrastructures.

Abstract: The deployment of a Network Intrusion Detection System (NIDS) is one of the imperatives for the control of an information system. Today, almost all intrusion detection systems are based on a static vision of network exchanges, whether for detection engines based on signatures or on behavioral models. However, this approach is limited: it does not allow past exchanges to be taken into account directly and thus to fully model normal or abnormal behavior, such as verifying that an authentication has taken place before authorizing a privileged request or detecting a replay attack. We propose to add an additional dimension to NIDS by performing stateful monitoring of communication protocols. Unified Modeling Language (UML) statecharts have been chosen to model the protocols and to perform the stateful monitoring. An implementation of this solution is integrated within an existing NIDS and validated on two industrial protocols, IEC 60870-5-104 and Modbus TCP. This implementation has been realized by dissociating the stateful monitoring and the NIDS with the help of an abstraction interface allowing an easy integration of new communication protocols.

CC BY-NC-ND 4.0


Paper citation in several formats:
Seng, S.; Garcia-Alfaro, J. and Laarouci, Y. (2022). Implementation of a Stateful Network Protocol Intrusion Detection Systems. In Proceedings of the 19th International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-590-6; ISSN 2184-7711, SciTePress, pages 398-405. DOI: 10.5220/0011327400003283

@conference{secrypt22,
author={S. Seng. and J. Garcia{-}Alfaro. and Y. Laarouci.},
title={Implementation of a Stateful Network Protocol Intrusion Detection Systems},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - SECRYPT},
year={2022},
pages={398-405},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011327400003283},
isbn={978-989-758-590-6},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 19th International Conference on Security and Cryptography - SECRYPT
TI - Implementation of a Stateful Network Protocol Intrusion Detection Systems
SN - 978-989-758-590-6
IS - 2184-7711
AU - Seng, S.
AU - Garcia-Alfaro, J.
AU - Laarouci, Y.
PY - 2022
SP - 398
EP - 405
DO - 10.5220/0011327400003283
PB - SciTePress