SCADA Security

Book author: (not listed). Book id: 1884154. Rating: 0.0, votes: 0, reviews and comments: 0. Price: 12984.3 RUB (126.93 USD). Genre: industry publications. Rights holder and/or publisher: John Wiley & Sons Limited. Date added to the KnigaLit catalogue: (not given). ISBN: 9781119606352. Age rating: 0+.


Book description

Examines the design and use of Intrusion Detection Systems (IDS) to secure Supervisory Control and Data Acquisition (SCADA) systems.

Cyber-attacks on SCADA systems—the control system architecture that uses computers, networked data communications, and graphical user interfaces for high-level process supervisory management—can lead to costly financial consequences or even result in loss of life. Minimizing potential risks and responding to malicious actions requires innovative approaches for monitoring SCADA systems and protecting them from targeted attacks.

SCADA Security: Machine Learning Concepts for Intrusion Detection and Prevention is designed to help security and networking professionals develop and deploy accurate and effective Intrusion Detection Systems (IDS) for SCADA systems that leverage autonomous machine learning. Providing expert insights, practical advice, and up-to-date coverage of developments in SCADA security, this authoritative guide presents a new approach for efficient unsupervised IDS driven by SCADA-specific data. Organized into eight in-depth chapters, the text first discusses how traditional IT attacks can also be possible against SCADA, and describes essential SCADA concepts, systems, architectures, and main components. Following chapters introduce various SCADA security frameworks and approaches, including evaluating security with virtualization-based SCADAVT, using SDAD to extract proximity-based detection, finding a global and efficient anomaly threshold with GATUD, and more.

This important book:
- Provides diverse perspectives on establishing an efficient IDS approach that can be implemented in SCADA systems
- Describes the relationship between main components and three generations of SCADA systems
- Explains the classification of a SCADA IDS based on its architecture and implementation
- Surveys the current literature in the field and suggests possible directions for future research

SCADA Security: Machine Learning Concepts for Intrusion Detection and Prevention is a must-read for all SCADA security and networking researchers, engineers, system architects, developers, managers, lecturers, and other SCADA security industry practitioners.

Contents

Xun Yi. SCADA Security

Table of Contents

List of Tables

List of Illustrations

SCADA SECURITY: MACHINE LEARNING CONCEPTS FOR INTRUSION DETECTION AND PREVENTION. SCADA-BASED IDs SECURITY

FOREWORD

PREFACE

ACRONYMS

CHAPTER 1 Introduction

1.1 Overview

1.2 EXISTING SOLUTIONS

1.3 SIGNIFICANT RESEARCH PROBLEMS

1.4 BOOK FOCUS

1.5 BOOK ORGANIZATION

Note

CHAPTER 2 Background

2.1 SCADA SYSTEMS

2.1.1 Main Components

2.1.2 Architecture

Monolithic systems (First Generation)

Distributed systems (Second Generation)

Networked systems (Third Generation)

2.1.3 Protocols

2.2 INTRUSION DETECTION SYSTEM (IDS)

2.2.1 SCADA Network‐Based

2.2.2 SCADA Application‐Based

2.3 IDS Approaches

Signature‐based

SCADA anomaly‐based

CHAPTER 3 SCADA‐Based Security Testbed

3.1 MOTIVATION

3.2 GUIDELINES TO BUILDING A SCADA SECURITY TESTBED

3.3 SCADAVT DETAILS

3.3.1 The Communication Infrastructure

CORE architecture

The selection features

3.3.2 Computer‐Based SCADA Components

Modbus/TCP Simulators of Master/Slave

Modbus/TCP Simulator of HMI Server

I/O Modules Simulator

3.3.3 SCADA Protocols' Implementation

3.3.4 Linking Internal/External World Components

The IOModules Protocol

3.3.5 Simulation of a Controlled Environment

3.4 SCADAVT APPLICATION

3.4.1 The SCADAVT Setup

3.4.2 The Water Distribution System Setup

3.4.3 SCADA System Setup for WDS

3.4.4 Configuration Steps

3.5 ATTACK SCENARIOS

3.5.1 Denial of Service (DoS) Attacks

3.5.2 Integrity Attacks

3.6 CONCLUSION

3.7 APPENDIX FOR THIS CHAPTER

3.7.1 Modbus Registers Mapping

3.7.2 The Configuration of IOModuleGate

CHAPTER 4 Efficient k‐Nearest Neighbour Approach Based on Various‐Widths Clustering

4.1 INTRODUCTION

4.2 RELATED WORK

4.3 THE NNVWC APPROACH

4.3.1 FWC Algorithm and Its Limitations

4.3.2 Various‐Widths Clustering

Partitioning process

Merging process

Parameters

4.3.3 The k‐NN Search

Definition 4.1 [k‐nearest neighbors]

Definition 4.2 [Candidate cluster for an object ]

4.4 EXPERIMENTAL EVALUATION

4.4.1 Data Sets

4.4.2 Performance Metrics

Reduction Rate of Distance Computations

Reduction Rate of Computation Time

4.4.3 Impact of Cluster Size

4.4.4 Baseline Methods

KD‐tree

Ball tree

Cover tree

FWC

4.4.5 Distance Metric

4.4.6 Complexity Metrics

Search Time

Construction Time

4.5 CONCLUSION

Chapter 5 SCADA Data‐Driven Anomaly Detection

5.1 INTRODUCTION

5.2 SDAD APPROACH

5.2.1 Observation State of SCADA Points

Definition 5.1 [Observation of SCADA points]

Definition 5.2 [Inconsistent/consistent observation]

5.2.2 Separation of Inconsistent Observations

Inconsistency scoring

The Separation Threshold

5.2.3 Extracting Proximity‐Detection Rules

5.2.4 Inconsistency Detection

5.3 EXPERIMENTAL SETUP

5.3.1 System Setup

5.3.2 WDS Scenario

5.3.3 Attack Scenario

5.3.4 Data Sets

Simulated Data Sets

Real Data Sets

5.3.5 Normalization

5.4 RESULTS AND ANALYSIS

5.4.1 Accuracy Metrics

5.4.2 Separation Accuracy of Inconsistent Observations

5.4.3 Detection Accuracy

k‐Means Algorithm

SDAD Evaluation

5.5 SDAD LIMITATIONS

5.6 CONCLUSION

CHAPTER 6 A Global Anomaly Threshold to Unsupervised Detection

6.1 INTRODUCTION

6.2 RELATED WORK

6.3 GATUD APPROACH

6.3.1 Learning of Most‐Representative Data Sets

Step 1: Anomaly Scoring

Step 2: Selection of Candidate Sets

6.3.2 Decision‐Making Model

Illustrative Example

6.4 EXPERIMENTAL SETUP

6.4.1 Choice of Parameters

6.4.2 The Candidate Classifiers

6.5 RESULTS AND DISCUSSION

6.5.1 Integrating GATUD into SDAD

Results of the Separation Process With/Without GATUD

Results of Proximity Detection Rules With/Without GATUD

6.5.2 Integrating GATUD into the Clustering‐based Method

6.6 CONCLUSION

CHAPTER 7 Threshold Password‐Authenticated Secret Sharing Protocols

7.1 MOTIVATION

7.2 EXISTING SOLUTIONS

7.3 DEFINITION OF SECURITY

Participants, Initialization, Passwords, Secrets

Execution of the Protocol

Correctness

Freshness

Advantage of the Adversary

Definition 7.1

Definition 7.2

7.4 TPASS PROTOCOLS

7.4.1 Protocol Based on Two‐Phase Commitment. Initialization

Parameter Generation

Password Generation

Secret Sharing

Protocol Execution

(A) Retrieval Request

(B) Retrieval Response

Commitment Phase

Opening Phase

(C) Secret Retrieval

7.4.2 Protocol Based on Zero‐Knowledge Proof. Initialization

Protocol Execution

(A) Retrieval Request

(B) Retrieval Response

(C) Secret Retrieval

7.4.3 Correctness. Correctness of the TPASS Protocol Based on Two‐Phase Commitment

Correctness of the TPASS Protocol Based on Zero‐Knowledge Proof

7.4.4 Efficiency. Efficiency of the TPASS Protocol Based on Two‐Phase Commitment

Efficiency of the TPASS Protocol Based on Zero‐Knowledge Proof

7.5 SECURITY ANALYSIS. 7.5.1 Security Analysis of the TPASS Protocol Based on Two‐Phase Commitment

Theorem 1

Proof

Experiment

Claim 1

Experiment

Claim 2

Experiment

Claim 3

Experiment

Claim 4

Experiment

Claim 5

Theorem 2

Proof

For the first subcase,

Experiment

Claim 6

Experiment

Claim 7

For the second subcase,

Experiment

Claim 8

7.5.2 Security Analysis of the TPASS Protocol Based on Zero‐Knowledge Proof

Noninteractive Zero‐Knowledge Proof of Knowledge Assumption

Theorem 3

Proof

Claim 3'

Claim 4'

Theorem 4

7.6 EXPERIMENTS

7.6.1 Performance of Initialization

7.6.2 Performance of Retrieve

7.7 CONCLUSION

CHAPTER 8 Conclusion

SUMMARY

A Framework for SCADA Security Testbed (SCADAVT)

An Efficient Search for k‐NN in Large and High‐Dimensional Data

Clustering‐Based Proximity Rules for SCADA Anomaly Detection

Towards Global Anomaly Threshold to Unsupervised Detection

FUTURE WORK

REFERENCES

INDEX

Wiley Series on Parallel and Distributed Computing

WILEY END USER LICENSE AGREEMENT

Excerpt from the book

Wiley Series On Parallel and Distributed Computing

.....

The model‐based detection method proposed in Valdes and Cheung (2009) illustrates communication patterns. It rests on the assumption that the communication patterns of control systems are regular and predictable, because SCADA has specific services as well as interconnected and communicating devices that are already predefined. This method is useful in providing border monitoring of the requested services and devices. Similarly, Gross et al. (2004) proposed a collaborative method, named “selecticast”, which uses a centralized server to disperse among ID sensors any information about activities coming from suspicious IPs. Ning et al. (2002) identify causal relationships between alerts using prerequisites and consequences. In essence, these methods fail to detect high‐level control attacks, which are the most difficult threats to combat successfully (Wei et al., 2011). Furthermore, SCADA network‐level methods are not concerned with the operational meaning of the process parameter values carried by SCADA protocols, as long as those values do not violate the specifications of the protocol being used, nor with a broader picture of the monitored system.

Thus, analytical models based on the full system's specifications have been suggested in the literature. Fovino et al. (2010a) proposed an analytical method to identify critical states for specific correlated process parameters; the resulting detection models are used to detect malicious actions (such as high‐level control attacks) that try to drive the targeted system into a critical state. In the same direction, Carcano et al. (2011) and Fovino et al. (2012) extended this idea by identifying critical states for specific correlated process parameters. Each critical state is then represented by a multivariate vector, and each vector serves as a reference point to measure the degree of criticality of the current system. For example, when the distance between the current system state and any critical state is small, the system is approaching that critical state. However, critical state‐based methods require full specifications of all correlated process parameters, in addition to their respective acceptable values. Moreover, the analytical identification of critical states for a relatively large number of correlated process parameters is time‐expensive and difficult, because the complexity of the interrelationships among these parameters is proportional to their number. Furthermore, any change in the system brought about by adding or removing process parameters will require the same effort again. Obviously, human errors are highly likely in the identification process of critical system states.

.....
