network monitoring on industrial control systems
play

Network Monitoring on Industrial Control Systems Alvaro Cardenas, - PowerPoint PPT Presentation

Sep 28, 2023 •227 likes •458 views

Network Monitoring on Industrial Control Systems Alvaro Cardenas, PhD. David I Urbina, PhD. candidate Introduction of NSM Long term goals Current Research ICS T raffjc Analysis Intrusion Detection Some T ools for NSM

  1. Network Monitoring on Industrial Control Systems Alvaro Cardenas, PhD. David I Urbina, PhD. candidate

  2. ● Introduction of NSM ● Long term goals ● Current Research – ICS T raffjc Analysis – Intrusion Detection ● Some T ools for NSM 1/13/15 2

  3. Network Security Monitoring is the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions. -Informit 1/13/15 3

  4. Network Security Monitoring in ICS 1/13/15 4

  5. Long term goals ● Improve Operational Situational Awareness (OSA). ● Improve Security Situational Awareness (SSA). ● Integrate OSA and SSA into the Control Centers. 1/13/15 5

  6. Integration OSA and SSA in ICS 1/13/15 6

  7. Traffjc Analysis 1/13/15 7

  8. Dissecting Modbus Packets Data Data Link Ethernet 2 / 802.3 IP Data Network TCP Data Transport Data Modbus/TCP Application Modbus 1/13/15 8

  9. Modbus/TCP 1/13/15 9

  10. Intrusion Detection 1/13/15 10

  11. Detection methods: ● Knowledge-based intrusion-detection techniques apply the knowledge accumulated about specifjc attacks and system vulnerabilities. (IT) ● Behavior-based intrusion-detection techniques assume that an intrusion can be detected by observing a deviation from the normal or expected behavior of the system or the users. (ICS) 1/13/15 11

  12. Detection methods: ● Knowledge-based intrusion-detection techniques apply the knowledge accumulated about specifjc attacks and system vulnerabilities. (IT) ● Behavior-based intrusion-detection techniques assume that an intrusion can be detected by observing a deviation from the normal or expected behavior of the system or the users. (ICS) 1/13/15 12

  13. Law Abiding “Behavior” T2 T1 A B A B A B 1/13/15 13

  14. Using models to detect deviations Physical Model 1/13/15 14

  15. Which tools do we use? 1/13/15 15

  16. ● Ubuntu-based Linux distribution for NSM. ● Free and open source GNU GPL v2 ● Helps on: – Deep Packet Inspection – Protocol Analysis – Traffjc Analysis – Intrusion Detection and Prevention 1/13/15 16

  17. Deployment scenarios – Standalone – Server-sensor 1/13/15 17

  18. ● Core functions – Full packet capture → netsnifg-ng (http://netsnifg-ng.com) – Network-based IDS ● Snort (http://snort.org) ● Suricata (http://suricata-ids.org) ● Bro (http://bro-ids.org) – Host-based IDS ● OSSEC (http://www.ossec.net) – Analysis T ools ● Sguil (http://sguild.sourceforge.net) ● Squert (http://www.squertproject.org/) ● Snorby (https://snorby.org/) ● ELSA (https://code.google.com/p/enterprise-log-search-and-archive/ ) 1/13/15 18

  19. Extensible network analysis framework not restricted to any particular detection approach. ● Free and Open Source Bro 1/13/15 19

  20. Bro features ● Logging framework ● Multiple Traffjc Analyzers for IT and ICS protocols ● Extensible Analysis Architecture ● Domain-specifjc, Turing complete Scripting language 1/13/15 20

  21. Previous related research Analysis of Encrypted Traffjc ● Best Paper Award, "On the Practicality of Detecting Anomalies – with Encrypted T raffjc in AMI", IEEE SmartGridComm, 2014. 1/13/15 21

  22. Thanks! 1/13/15 22

Recommend

Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control

Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control

Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control Systems Research Philipp Mieden & Rutger Beltman, 2020 Supervisor: Bartosz Czaszynski, Deloitte Industrial Network VS Corporate Network 2

379 views • 35 slides
Industrial Control Systems The Other Network And Cyber Security Dated: March 7, 2019

Industrial Control Systems The Other Network And Cyber Security Dated: March 7, 2019

3/8/2019 Industrial Control Systems The Other Network And Cyber Security Dated: March 7, 2019 Davenport GICSP 1848 What are ICS Networks? 1 3/8/2019 What are ICS Networks? ICS, or Industrial Controls Systems, is a generic

360 views • 20 slides
Holistic Control for Wireless Control Systems Yehan Ma CSE 521S Industrial Process Automation

Holistic Control for Wireless Control Systems Yehan Ma CSE 521S Industrial Process Automation

Holistic Control for Wireless Control Systems Yehan Ma CSE 521S Industrial Process Automation Large Scale Challenging environment q Physical plant Relative low speed q Network communication Stability is critical q Health, Safety, and

391 views • 38 slides
In-network Monitoring and Control Policy for DVFS of CMP Networks- on-Chip and Last Level Caches

In-network Monitoring and Control Policy for DVFS of CMP Networks- on-Chip and Last Level Caches

In-network Monitoring and Control Policy for DVFS of CMP Networks- on-Chip and Last Level Caches Xi Chen 1 , Zheng Xu 1 , Hyungjun Kim 1 , Paul V. Gratz 1 , Jiang Hu 1 , Michael Kishinevsky 2 and Umit Ogras 2 1 Computer Engineering and Systems

581 views • 30 slides
Industrial Robots Industrial Robots Control Control Part 2 Control Control Part 2 Part 2

Industrial Robots Industrial Robots Control Control Part 2 Control Control Part 2 Part 2

Industrial Robots Industrial Robots Control Control Part 2 Control Control Part 2 Part 2 Part 2 Introduction to centralized control Independent joint decentralized control may prove inadequate when the user requires high task

673 views • 36 slides
Industrial Control System Security Overview Peter Maynard, PhD Researcher # ?? @CSIT_QUB What

Industrial Control System Security Overview Peter Maynard, PhD Researcher # ?? @CSIT_QUB What

Industrial Control System Security Overview Peter Maynard, PhD Researcher # ?? @CSIT_QUB What is ICS and SCADA Industrial Control Systems (ICS): Chemical, water, gas processing. Transportation, electricity, nuclear systems.

331 views • 7 slides
Eliminating Adverse Control Plane Interactions in Independent Network Systems Matthew K.

Eliminating Adverse Control Plane Interactions in Independent Network Systems Matthew K.

Eliminating Adverse Control Plane Interactions in Independent Network Systems Matthew K. Mukerjee Computer Science PhD Thesis Defense May 1st, 2018 Network Control CDN server selection Routing Congestion Control VM migration Network

1.71k views • 131 slides
Philips EasySense SNH200 DLC qualified network lighting control for high-bay/industrial

Philips EasySense SNH200 DLC qualified network lighting control for high-bay/industrial

Philips EasySense SNH200 DLC qualified network lighting control for high-bay/industrial applications Selected by IES for the 2018 Progress Report Companion with Philips Advance Xitanium 95W SR high-bay/industrial LED drivers -

328 views • 3 slides
yxwvutsrponmlkihgfedcbaUTSONCA Control systems are computer based facilities, systems, and

yxwvutsrponmlkihgfedcbaUTSONCA Control systems are computer based facilities, systems, and

7/11/2011 Why this presentation? This is an emerging and important area of information assurance that of cyber physical systems. CPS instantiated in the industrial world can be view as control system security or sometimes called

130 views • 10 slides
Fieldbus : : Fieldbus Industrial Network Industrial Network Real Time Network Real Time

Fieldbus : : Fieldbus Industrial Network Industrial Network Real Time Network Real Time

Fieldbus : : Fieldbus Industrial Network Industrial Network Real Time Network Real Time Network Jean-Pierre Thomesse Institut National Polytechnique de Lorraine Nancy, France ETR 2005 - Fieldbus - Industrial Network - Real Time Network

1.4k views • 71 slides
NKN Annual Workshop, IIT Mumbai, 31 st Oct -2 nd Nov 2012 Evolution of Network Management Systems

NKN Annual Workshop, IIT Mumbai, 31 st Oct -2 nd Nov 2012 Evolution of Network Management Systems

NKN Annual Workshop, IIT Mumbai, 31 st Oct -2 nd Nov 2012 Evolution of Network Management Systems Device centric approach 90s Network Management meant device control and monitoring Mostly based on Simple Network Management Protocol (SNMP)

730 views • 19 slides
ndd P rint MPS Complete Stock Events Billing Cycle Monitoring Control Monitoring Validation

ndd P rint MPS Complete Stock Events Billing Cycle Monitoring Control Monitoring Validation

ndd P rint MPS Complete Stock Events Billing Cycle Monitoring Control Monitoring Validation Many nddPrint MPS define supplies replenishment, based on the printers behavior instead of its supply levels Specialists in network and USB

728 views • 25 slides
(POSTER) An Empirical Comparative Measurement on Real ICS Network Tra ffi c to Internet Tra ffi c

(POSTER) An Empirical Comparative Measurement on Real ICS Network Tra ffi c to Internet Tra ffi c

(POSTER) An Empirical Comparative Measurement on Real ICS Network Tra ffi c to Internet Tra ffi c Chanwoo Bae, Won-Seok Hwang National Security Research Institute (NSRI) Motivation Cyber-Physical Systems = Industrial Control Systems

507 views • 9 slides
Take Control Automated Control Industrial Engineering Industrial I.T. C/ Halcn n 20, 6H

Take Control Automated Control Industrial Engineering Industrial I.T. C/ Halcn n 20, 6H

Programming and Automation Ltd. www.proconingenieros.com Take Control Automated Control Industrial Engineering Industrial I.T. C/ Halcn n 20, 6H Granada. info@proconingenieros.com Automation and control Industrial I.T. - Industrial

304 views • 19 slides
Security Challenges and Requirements for Industrial Control Systems in the Semiconductor

Security Challenges and Requirements for Industrial Control Systems in the Semiconductor

Security Challenges and Requirements for Industrial Control Systems in the Semiconductor Manufacturing Sector Malek Ben Salem Accenture Technology Labs NIST Workshop on Cyber-Security for Cyber-physical Devices April 23 rd , 2012 Outline

837 views • 37 slides
Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File Systems Network File Systems Stephen Smaldone, Vinod Ganapathy, and Liviu Iftode DiscoLab - Department of Computer Science Rutgers, The State University

667 views • 23 slides
KYPO4INDUSTRY: A Testbed for Teaching Cybersecurity of Industrial Control Systems Pavel eleda,

KYPO4INDUSTRY: A Testbed for Teaching Cybersecurity of Industrial Control Systems Pavel eleda,

KYPO4INDUSTRY: A Testbed for Teaching Cybersecurity of Industrial Control Systems Pavel eleda, Jan Vykopal, Valdemar vbensk, Karel Slavek celeda@ics.muni.cz Institute of Computer Science, Masaryk University March 14, 2020 @

657 views • 13 slides
Security Controls for Industrial Control Systems EEI/AGA Security Committee Fall Meetings

Security Controls for Industrial Control Systems EEI/AGA Security Committee Fall Meetings

Security Controls for Industrial Control Systems EEI/AGA Security Committee Fall Meetings September 13, 2006 Boston, MA Stuart Katzke and Keith Stouffer, National Institute of Standards & Technology, Gaithersburg, MD Marshall Abrams, The

460 views • 23 slides
The Future of Network Flow Monitoring Prague Embedded Systems Workshop (PESW 2019) Friday 28 th

The Future of Network Flow Monitoring Prague Embedded Systems Workshop (PESW 2019) Friday 28 th

The Future of Network Flow Monitoring Prague Embedded Systems Workshop (PESW 2019) Friday 28 th June, 2019 Petr Velan Flow Monitoring Introduction Internet Flow monitoring is widely used for: Accounting Probe TAP Security (IDS, forensics)

367 views • 20 slides
FruitFlyNet A Locationaware System for Fruit Fly Monitoring and Pest Management Control

FruitFlyNet A Locationaware System for Fruit Fly Monitoring and Pest Management Control

FruitFlyNet A Locationaware System for Fruit Fly Monitoring and Pest Management Control Location Aware Systems (LASs) for Fruit Fly Monitoring and Pest Management Control Project Overview E-monitoring and pest management design issues of a

573 views • 18 slides
Wide Area Measurement Systems - Monitoring and Control for the Grid of the Future Department of

Wide Area Measurement Systems - Monitoring and Control for the Grid of the Future Department of

Wide Area Measurement Systems - Monitoring and Control for the Grid of the Future Department of Energy Transmission Reliability Program Third Annual Carnegie Mellon Conference on the Electricity Industry March 13-14, 2007 Phil Overholt

327 views • 16 slides
Industrial Control Systems Honeypot May1601 Aashwatth Agarwal Dan Borgerding Jon Hope Nik

Industrial Control Systems Honeypot May1601 Aashwatth Agarwal Dan Borgerding Jon Hope Nik

Industrial Control Systems Honeypot May1601 Aashwatth Agarwal Dan Borgerding Jon Hope Nik Kinkel Jon Osborne Korbin Stich http://may1601.sd.ece.iastate.edu Client : Alliant Energy Advisor : Dr. Doug Jacobson April 28, 2016 May1601 ICS

384 views • 15 slides
Industrial Robots Industrial Robots Control Control Part 1 Control Control Part 1 Part 1

Industrial Robots Industrial Robots Control Control Part 1 Control Control Part 1 Part 1

Industrial Robots Industrial Robots Control Control Part 1 Control Control Part 1 Part 1 Part 1 Introduction to robot control The motion control problem motion control problem consists in the design of control algorithms for the robot

822 views • 46 slides
Securing Industrial Control Systems An E2E Integrity Verification Approach Sye-Loong Keoh , Ken

Securing Industrial Control Systems An E2E Integrity Verification Approach Sye-Loong Keoh , Ken

Securing Industrial Control Systems An E2E Integrity Verification Approach Sye-Loong Keoh , Ken Wai-Kin Au School of Computing Science University of Glasgow Zhaohui Tang School of Infocomm Republic Polytechnic, Singapore 1 Introduction

576 views • 21 slides

More recommend