loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Henrik Waagsnes and Nils Ulltveit-Moe

Affiliation: University of Agder, Norway

Keyword(s): IDS, Test Framework, SCADA, IEC 60870-5-104, SIEM.

Related Ontology Subjects/Areas/Topics: Computer-Supported Education ; Enterprise Information Systems ; Information Systems Analysis and Specification ; Information Technologies Supporting Learning ; Internet Technology ; Intrusion Detection and Response ; Security ; Security and Privacy ; Web Information Systems and Technologies

Abstract: This paper presents a SCADA intrusion detection system test framework that simulates SCADA traffic and detects malicious network activity. The framework combines several existing components such as Kali Linux, Conpot, QTester104 and OpenMUC in a virtual machine based framework to provide realistic SCADA traffic. It is agnostic to Intrusion Detection System (IDS) type, and is demonstrated in a case study comparing two popular signature-based IDS engines: Suricata and Snort. The IDS engines include rule-sets for the IEC 60870-5-104 and other SCADA protocols. Detected events from IDS sensors are sent to a distributed Elastic cluster which visualises them using Kibana dashboards. The experiments show that there is some difference in behaviour between Suricata and Snort’s ability to detect malicious traffic using the same SCADA ruleset, but these issues are relatively easy to mitigate. The IDS test framework also measures the latency from detection and until the IDS alerts are pr esented in the incident management system, which shows that Suricata has slightly better performance than Snort. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 44.220.43.170

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Waagsnes, H. and Ulltveit-Moe, N. (2018). Intrusion Detection System Test Framework for SCADA Systems. In Proceedings of the 4th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-282-0; ISSN 2184-4356, SciTePress, pages 275-285. DOI: 10.5220/0006588202750285

@conference{icissp18,
author={Henrik Waagsnes. and Nils Ulltveit{-}Moe.},
title={Intrusion Detection System Test Framework for SCADA Systems},
booktitle={Proceedings of the 4th International Conference on Information Systems Security and Privacy - ICISSP},
year={2018},
pages={275-285},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006588202750285},
isbn={978-989-758-282-0},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 4th International Conference on Information Systems Security and Privacy - ICISSP
TI - Intrusion Detection System Test Framework for SCADA Systems
SN - 978-989-758-282-0
IS - 2184-4356
AU - Waagsnes, H.
AU - Ulltveit-Moe, N.
PY - 2018
SP - 275
EP - 285
DO - 10.5220/0006588202750285
PB - SciTePress