On the Efficacy of Anomaly Detection in Process Control Networks
On the Efficacy of Anomaly Detection in Process Control Networks Alfonso Valdes SRI International alfonso.valdes@sri.com April, 2006

Background
- Digital automation has made control systems safer, more productive
- Formerly: purpose-built, isolated, proprietary protocols and platforms
- Increasingly: commodity platforms and protocols encapsulating legacy; integration to enterprise systems
- Intelligent end devices with embedded OS, configured over web interface
- Security practices lag enterprise security
  - Best practice documents emerging
  - Widely distributed systems with weak perimeter control
  - IDS/IPS still relatively novel in PCS
  - Threat not well understood

Critical Need
- The National Critical Infrastructure needs defenses that detect and prevent cyber and blended cyber/physical attack, enable effective response, and facilitate timely recovery
- Such defenses must secure the present heterogeneous environment of legacy and modern systems, as well as get and stay ahead of the technology curve

Anomaly Detection
- Advantage over signature systems: potential to detect unknown attacks
- Not widely used in enterprise IDS/IPS
  - False alarms
  - Malicious is not always anomalous, anomalous is not always malicious (McHugh)
- Learning-based
  - Statistical
  - N-grams
- Specification-based
  - Difficult to specify real systems at adequate fidelity

Hypothesis: AD Will Be More Effective in Control Systems
- Topology is relatively static
- System mission is relatively narrow in scope
- Many important messages are regularly timed
- Both learning-based and spec-based AD may be more feasible and effective
- Room to explore information-theoretic, frequency, wavelet, other novel approaches
- Counter trend: adoption of sensor nets (large number of nodes, nodes come and go)