network monitoring on industrial control systems
play

Network Monitoring on Industrial Control Systems Alvaro Cardenas, - PowerPoint PPT Presentation

Sep 28, 2023 •227 likes •458 views

Network Monitoring on Industrial Control Systems Alvaro Cardenas, PhD. David I Urbina, PhD. candidate Introduction of NSM Long term goals Current Research ICS T raffjc Analysis Intrusion Detection Some T ools for NSM

  1. Network Monitoring on Industrial Control Systems Alvaro Cardenas, PhD. David I Urbina, PhD. candidate

  2. ● Introduction of NSM ● Long term goals ● Current Research – ICS T raffjc Analysis – Intrusion Detection ● Some T ools for NSM 1/13/15 2

  3. Network Security Monitoring is the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions. -Informit 1/13/15 3

  4. Network Security Monitoring in ICS 1/13/15 4

  5. Long term goals ● Improve Operational Situational Awareness (OSA). ● Improve Security Situational Awareness (SSA). ● Integrate OSA and SSA into the Control Centers. 1/13/15 5

  6. Integration OSA and SSA in ICS 1/13/15 6

  7. Traffjc Analysis 1/13/15 7

  8. Dissecting Modbus Packets Data Data Link Ethernet 2 / 802.3 IP Data Network TCP Data Transport Data Modbus/TCP Application Modbus 1/13/15 8

  9. Modbus/TCP 1/13/15 9

  10. Intrusion Detection 1/13/15 10

  11. Detection methods: ● Knowledge-based intrusion-detection techniques apply the knowledge accumulated about specifjc attacks and system vulnerabilities. (IT) ● Behavior-based intrusion-detection techniques assume that an intrusion can be detected by observing a deviation from the normal or expected behavior of the system or the users. (ICS) 1/13/15 11

  12. Detection methods: ● Knowledge-based intrusion-detection techniques apply the knowledge accumulated about specifjc attacks and system vulnerabilities. (IT) ● Behavior-based intrusion-detection techniques assume that an intrusion can be detected by observing a deviation from the normal or expected behavior of the system or the users. (ICS) 1/13/15 12

  13. Law Abiding “Behavior” T2 T1 A B A B A B 1/13/15 13

  14. Using models to detect deviations Physical Model 1/13/15 14

  15. Which tools do we use? 1/13/15 15

  16. ● Ubuntu-based Linux distribution for NSM. ● Free and open source GNU GPL v2 ● Helps on: – Deep Packet Inspection – Protocol Analysis – Traffjc Analysis – Intrusion Detection and Prevention 1/13/15 16

  17. Deployment scenarios – Standalone – Server-sensor 1/13/15 17

  18. ● Core functions – Full packet capture → netsnifg-ng (http://netsnifg-ng.com) – Network-based IDS ● Snort (http://snort.org) ● Suricata (http://suricata-ids.org) ● Bro (http://bro-ids.org) – Host-based IDS ● OSSEC (http://www.ossec.net) – Analysis T ools ● Sguil (http://sguild.sourceforge.net) ● Squert (http://www.squertproject.org/) ● Snorby (https://snorby.org/) ● ELSA (https://code.google.com/p/enterprise-log-search-and-archive/ ) 1/13/15 18

  19. Extensible network analysis framework not restricted to any particular detection approach. ● Free and Open Source Bro 1/13/15 19

  20. Bro features ● Logging framework ● Multiple Traffjc Analyzers for IT and ICS protocols ● Extensible Analysis Architecture ● Domain-specifjc, Turing complete Scripting language 1/13/15 20

  21. Previous related research Analysis of Encrypted Traffjc ● Best Paper Award, "On the Practicality of Detecting Anomalies – with Encrypted T raffjc in AMI", IEEE SmartGridComm, 2014. 1/13/15 21

  22. Thanks! 1/13/15 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control

Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control

Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control Systems Research Philipp Mieden & Rutger Beltman, 2020 Supervisor: Bartosz Czaszynski, Deloitte Industrial Network VS Corporate Network 2

379 views • 35 slides
Industrial Control Systems The Other Network And Cyber Security Dated: March 7, 2019

Industrial Control Systems The Other Network And Cyber Security Dated: March 7, 2019

3/8/2019 Industrial Control Systems The Other Network And Cyber Security Dated: March 7, 2019 Davenport GICSP 1848 What are ICS Networks? 1 3/8/2019 What are ICS Networks? ICS, or Industrial Controls Systems, is a generic

360 views • 20 slides
Holistic Control for Wireless Control Systems Yehan Ma CSE 521S Industrial Process Automation

Holistic Control for Wireless Control Systems Yehan Ma CSE 521S Industrial Process Automation

Holistic Control for Wireless Control Systems Yehan Ma CSE 521S Industrial Process Automation Large Scale Challenging environment q Physical plant Relative low speed q Network communication Stability is critical q Health, Safety, and

391 views • 38 slides
In-network Monitoring and Control Policy for DVFS of CMP Networks- on-Chip and Last Level Caches

In-network Monitoring and Control Policy for DVFS of CMP Networks- on-Chip and Last Level Caches

In-network Monitoring and Control Policy for DVFS of CMP Networks- on-Chip and Last Level Caches Xi Chen 1 , Zheng Xu 1 , Hyungjun Kim 1 , Paul V. Gratz 1 , Jiang Hu 1 , Michael Kishinevsky 2 and Umit Ogras 2 1 Computer Engineering and Systems

581 views • 30 slides
Industrial Robots Industrial Robots Control Control Part 2 Control Control Part 2 Part 2

Industrial Robots Industrial Robots Control Control Part 2 Control Control Part 2 Part 2

Industrial Robots Industrial Robots Control Control Part 2 Control Control Part 2 Part 2 Part 2 Introduction to centralized control Independent joint decentralized control may prove inadequate when the user requires high task

673 views • 36 slides
Industrial Control System Security Overview Peter Maynard, PhD Researcher # ?? @CSIT_QUB What

Industrial Control System Security Overview Peter Maynard, PhD Researcher # ?? @CSIT_QUB What

Industrial Control System Security Overview Peter Maynard, PhD Researcher # ?? @CSIT_QUB What is ICS and SCADA Industrial Control Systems (ICS): Chemical, water, gas processing. Transportation, electricity, nuclear systems.

331 views • 7 slides
Eliminating Adverse Control Plane Interactions in Independent Network Systems Matthew K.

Eliminating Adverse Control Plane Interactions in Independent Network Systems Matthew K.

Eliminating Adverse Control Plane Interactions in Independent Network Systems Matthew K. Mukerjee Computer Science PhD Thesis Defense May 1st, 2018 Network Control CDN server selection Routing Congestion Control VM migration Network

1.71k views • 131 slides
Philips EasySense SNH200 DLC qualified network lighting control for high-bay/industrial

Philips EasySense SNH200 DLC qualified network lighting control for high-bay/industrial

Philips EasySense SNH200 DLC qualified network lighting control for high-bay/industrial applications Selected by IES for the 2018 Progress Report Companion with Philips Advance Xitanium 95W SR high-bay/industrial LED drivers -

328 views • 3 slides
yxwvutsrponmlkihgfedcbaUTSONCA Control systems are computer based facilities, systems, and

yxwvutsrponmlkihgfedcbaUTSONCA Control systems are computer based facilities, systems, and

7/11/2011 Why this presentation? This is an emerging and important area of information assurance that of cyber physical systems. CPS instantiated in the industrial world can be view as control system security or sometimes called

130 views • 10 slides
Fieldbus : : Fieldbus Industrial Network Industrial Network Real Time Network Real Time

Fieldbus : : Fieldbus Industrial Network Industrial Network Real Time Network Real Time

Fieldbus : : Fieldbus Industrial Network Industrial Network Real Time Network Real Time Network Jean-Pierre Thomesse Institut National Polytechnique de Lorraine Nancy, France ETR 2005 - Fieldbus - Industrial Network - Real Time Network

1.4k views • 71 slides
NKN Annual Workshop, IIT Mumbai, 31 st Oct -2 nd Nov 2012 Evolution of Network Management Systems

NKN Annual Workshop, IIT Mumbai, 31 st Oct -2 nd Nov 2012 Evolution of Network Management Systems

NKN Annual Workshop, IIT Mumbai, 31 st Oct -2 nd Nov 2012 Evolution of Network Management Systems Device centric approach 90s Network Management meant device control and monitoring Mostly based on Simple Network Management Protocol (SNMP)

730 views • 19 slides
ndd P rint MPS Complete Stock Events Billing Cycle Monitoring Control Monitoring Validation

ndd P rint MPS Complete Stock Events Billing Cycle Monitoring Control Monitoring Validation

ndd P rint MPS Complete Stock Events Billing Cycle Monitoring Control Monitoring Validation Many nddPrint MPS define supplies replenishment, based on the printers behavior instead of its supply levels Specialists in network and USB

728 views • 25 slides
(POSTER) An Empirical Comparative Measurement on Real ICS Network Tra ffi c to Internet Tra ffi c

(POSTER) An Empirical Comparative Measurement on Real ICS Network Tra ffi c to Internet Tra ffi c

(POSTER) An Empirical Comparative Measurement on Real ICS Network Tra ffi c to Internet Tra ffi c Chanwoo Bae, Won-Seok Hwang National Security Research Institute (NSRI) Motivation Cyber-Physical Systems = Industrial Control Systems

507 views • 9 slides
Take Control Automated Control Industrial Engineering Industrial I.T. C/ Halcn n 20, 6H

Take Control Automated Control Industrial Engineering Industrial I.T. C/ Halcn n 20, 6H

Programming and Automation Ltd. www.proconingenieros.com Take Control Automated Control Industrial Engineering Industrial I.T. C/ Halcn n 20, 6H Granada. info@proconingenieros.com Automation and control Industrial I.T. - Industrial

304 views • 19 slides
Security Challenges and Requirements for Industrial Control Systems in the Semiconductor

Security Challenges and Requirements for Industrial Control Systems in the Semiconductor

Security Challenges and Requirements for Industrial Control Systems in the Semiconductor Manufacturing Sector Malek Ben Salem Accenture Technology Labs NIST Workshop on Cyber-Security for Cyber-physical Devices April 23 rd , 2012 Outline

837 views • 37 slides
Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File Systems Network File Systems Stephen Smaldone, Vinod Ganapathy, and Liviu Iftode DiscoLab - Department of Computer Science Rutgers, The State University

667 views • 23 slides
Design and implementation of an intrusion detection system (IDS) for in-vehicle networks

Design and implementation of an intrusion detection system (IDS) for in-vehicle networks

Design and implementation of an intrusion detection system (IDS) for in-vehicle networks Presented by: Nors Salman Credits to my thesis partner: Marco Bresch Brief background: in-vehicle networks Controller Area Network (CAN) MOST

425 views • 23 slides
Practical Application of Cyber Crime Issues Nibal Idlebi and Matthew Perkins United Nations

Practical Application of Cyber Crime Issues Nibal Idlebi and Matthew Perkins United Nations

UN-ESCWA Practical Application of Cyber Crime Issues Nibal Idlebi and Matthew Perkins United Nations Economic and Social Commission of Western Asia (UN-ESCWA) Information and Communication Technology Division Practical Applications This

700 views • 28 slides
Look Into The Future - Analyzing Mirai botnet - Mauritius 2016 FIRST TC Minoru Kobayashi

Look Into The Future - Analyzing Mirai botnet - Mauritius 2016 FIRST TC Minoru Kobayashi

Look Into The Future - Analyzing Mirai botnet - Mauritius 2016 FIRST TC Minoru Kobayashi Internet Initiative Japan Inc. Who am I ? Minoru Kobayashi I work for Internet Initiative Japan Inc.. IIJ is a Japanese ISP (We are the

418 views • 19 slides
Memristor Based Autoencoder for Unsupervised Real-Time Network Intrusion and Anomaly Detection

Memristor Based Autoencoder for Unsupervised Real-Time Network Intrusion and Anomaly Detection

Memristor Based Autoencoder for Unsupervised Real-Time Network Intrusion and Anomaly Detection Md. Shahanur Alam, B. Rasitha Fernando, Yassine Jaoudi, Chris Yakopcic, Raqibul Hasan, Tarek M. Taha, and Guru Subramanyam Dept. Of Electrical and

428 views • 19 slides
Bear Essentials Bear Essentials Rangers in the Classroom Presentation Rangers in the Classroom

Bear Essentials Bear Essentials Rangers in the Classroom Presentation Rangers in the Classroom

Bear Essentials Bear Essentials Rangers in the Classroom Presentation Rangers in the Classroom Presentation Lesson Plan 1st and 2nd Grade Lesson Plan 2nd Grade Introduction: Grade Level(s): 1st & 2nd Welcome to the Rangers in

454 views • 7 slides
Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect

Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect

Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect Multi-phase approach Initially: create Cyber Domain PIM and S TIX PS M with UML Profile for NIEM Expand to other PS M, create Threat Meta

211 views • 10 slides
On-line Learning Architectures March 2017 Tarek M. Taha Electrical and Computer Engineering

On-line Learning Architectures March 2017 Tarek M. Taha Electrical and Computer Engineering

On-line Learning Architectures March 2017 Tarek M. Taha Electrical and Computer Engineering Department University of Dayton 1 Tarek Taha Device SPICE Model Boise State Univ of Michigan HP Labs Actual Device 1 60 0 1 Current (mA)

528 views • 14 slides
EternalBlue: Exploit Analysis and Beyond WHO AM I? Emma McCall Cyber Security Analyst @ Riot

EternalBlue: Exploit Analysis and Beyond WHO AM I? Emma McCall Cyber Security Analyst @ Riot

EternalBlue: Exploit Analysis and Beyond WHO AM I? Emma McCall Cyber Security Analyst @ Riot Games @RiotNymia on Twitter JUST A LITTLE HISTORY Black Market Intelligence Auc1on Approx. August 2016 No bites April 14 th 2017 Group

462 views • 35 slides

More recommend