{"title":"Using Bro with a Simulation Model to Detect Cyber-Physical Attacks in a Nuclear Reactor","authors":"Zachary Hill, J. Hale, M. Papa, P. Hawrylak","doi":"10.1109/ICDIS.2019.00011","DOIUrl":null,"url":null,"abstract":"Increasing integration of physical components into digital systems has introduced new attack vectors that traditional intrusion detection systems (IDSs) are incapable of protecting with previously developed methods. Physical components can be targeted to change the behavior of the system without modifying the digital network, leading to unsafe or undesirable system states without causing unusual network activity. Anomaly-based detection methods can be adapted to monitor the system's physical behavior to mitigate these attacks. This paper presents such a method utilizing the Bro IDS with a simulation model of the physical system. The state of the model is compared to the state information of the system being transmitted on the network, allowing attacks to be detected by observing inconsistencies between the model and the system.","PeriodicalId":181673,"journal":{"name":"2019 2nd International Conference on Data Intelligence and Security (ICDIS)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 2nd International Conference on Data Intelligence and Security (ICDIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICDIS.2019.00011","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Using Bro with a Simulation Model to Detect Cyber-Physical Attacks in a Nuclear Reactor
Increasing integration of physical components into digital systems has introduced new attack vectors that traditional intrusion detection systems (IDSs) are incapable of protecting against with previously developed methods. Physical components can be targeted to change the behavior of the system without modifying the digital network, leading to unsafe or undesirable system states without causing unusual network activity. Anomaly-based detection methods can be adapted to monitor the system's physical behavior to mitigate these attacks. This paper presents such a method utilizing the Bro IDS with a simulation model of the physical system. The state of the model is compared to the state information of the system being transmitted on the network, allowing attacks to be detected by observing inconsistencies between the model and the system.