Abstract
Compared with standard information technology systems, industrial control systems show more consistent and regular communications patterns. This characteristic contributes to the stability of controlled processes in critical infrastructures such as power plants, electric grids and water treatment facilities. However, Stuxnet has demonstrated that skilled attackers can strike critical infrastructures by leveraging knowledge about these processes. Sequence attacks subvert infrastructure operations by sending misplaced industrial control system messages. This chapter discusses four main sequence attack scenarios against industrial control systems. Real Modbus, Manufacturing Message Specification and IEC 60870-5-104 traffic samples were used to test sequencing and modeling techniques for describing industrial control system communications. The models were then evaluated to verify the feasibility of identifying sequence attacks. The results create the foundation for developing “sequence-aware” intrusion detection systems.
Copyright information
© 2015 IFIP International Federation for Information Processing
About this paper
Cite this paper
Caselli, M., Zambon, E., Petit, J., Kargl, F. (2015). Modeling Message Sequences for Intrusion Detection in Industrial Control Systems. In: Rice, M., Shenoi, S. (eds) Critical Infrastructure Protection IX. ICCIP 2015. IFIP Advances in Information and Communication Technology, vol 466. Springer, Cham. https://doi.org/10.1007/978-3-319-26567-4_4
DOI: https://doi.org/10.1007/978-3-319-26567-4_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26566-7
Online ISBN: 978-3-319-26567-4
eBook Packages: Computer Science, Computer Science (R0)