Presentation is loading. Please wait.

Presentation is loading. Please wait.

On the Efficacy of Anomaly Detection in Process Control Networks

Published byPoppy Holt Modified over 6 years ago

Similar presentations

Presentation on theme: "On the Efficacy of Anomaly Detection in Process Control Networks"— Presentation transcript:

1 On the Efficacy of Anomaly Detection in Process Control Networks
Alfonso Valdes SRI International April, 2006

2 Background Digital automation has made control systems safer, more productive Formerly, purpose-built, isolated, proprietary protocols and platforms Increasingly, commodity platforms and protocols encapsulating legacy, integration to enterprise systems Intelligent end devices with embedded OS and configured over web interface Security practices lag enterprise security Best practice documents emerging Widely distributed systems with weak perimeter control IDS/IPS still relatively novel in PCS Threat not well understood

3 Critical Need The National Critical Infrastructure needs defenses that
detect and prevent cyber and blended cyber/physical attack, enable effective response, and facilitate timely recovery Such defenses must secure the present heterogeneous environment of legacy and modern systems, as well as get and stay ahead of the technology curve

4 Anomaly Detection Advantage over signature systems: potential to detect unknown attacks Not widely used in enterprise IDS/IPS False alarms Malicious is not always anomalous, anomalous is not always malicious (McHugh) Learning based Statistical N-Grams Specification Based Difficult to specify real systems at adequate fidelity

5 Hypothesis: AD Will be more Effective in Control Systems
Topology is relatively static System mission is relatively narrow in scope Many important messages are regularly timed Both learning and spec based AD may be more feasible and effective Room to explore information theoretic, frequency, wavelet, other novel approaches Counter trend: adoption of sensor nets (large number of nodes, nodes come and go)

Download ppt "On the Efficacy of Anomaly Detection in Process Control Networks"

Similar presentations

1 © Copyright, Risk Masters, Inc. 2014. All rights reserved.Draft for Discussion Purposes Only RMI Risk Masters, Inc. Emerging Trends in Cyber-Security.

1 © Copyright, Risk Masters, Inc All rights reserved.Draft for Discussion Purposes Only RMI Risk Masters, Inc. Emerging Trends in Cyber-Security.
Security Administration Tools and Practices Amit Bhan Usable Privacy and Security.

Security Administration Tools and Practices Amit Bhan Usable Privacy and Security.
The Threat Within September 2004. Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.

The Threat Within September Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.
Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.

Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.
Design Deployment and Use of the DETER Testbed Terry Benzel, Robert Braden, Dongho Kim, Clifford Informatino Sciences Institute 2008. 10. 22.

Design Deployment and Use of the DETER Testbed Terry Benzel, Robert Braden, Dongho Kim, Clifford Informatino Sciences Institute
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
Www.mobilevce.com © 2005 Mobile VCE Securing the Future: Device & Service Security Stephen Hope, FT R&D UK Ltd on behalf of Nigel Jefferies, Vodafone Chair.

© 2005 Mobile VCE Securing the Future: Device & Service Security Stephen Hope, FT R&D UK Ltd on behalf of Nigel Jefferies, Vodafone Chair.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
David Flournoy Bit9 Mid-Atlantic Regional Manager

David Flournoy Bit9 Mid-Atlantic Regional Manager
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
Extensible Networking Platform 1 1 - IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood

Extensible Networking Platform IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood
The State of Security Management By Jim Reavis January 2003.

The State of Security Management By Jim Reavis January 2003.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Incrementally Deployable Security for Interdomain Routing (TTA-4, Type-I) Jennifer Rexford, Princeton University Joan Feigenbaum, Yale University July.

Incrementally Deployable Security for Interdomain Routing (TTA-4, Type-I) Jennifer Rexford, Princeton University Joan Feigenbaum, Yale University July.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Towards a Distributed, Service-Oriented Control Infrastructure for Smart Grid ASU - Cyber Physical Systems Lab Professor G. Fainekos Presenter: Ramtin.

Towards a Distributed, Service-Oriented Control Infrastructure for Smart Grid ASU - Cyber Physical Systems Lab Professor G. Fainekos Presenter: Ramtin.
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.
A Vehicular Ad Hoc Networks Intrusion Detection System Based on BUSNet.

A Vehicular Ad Hoc Networks Intrusion Detection System Based on BUSNet.
Page 1 ADAM-6000 Web-enabled Smart I/O Γιάννης Στάβαρης Technical Manager Ιούνιος 26, 2007.

Page 1 ADAM-6000 Web-enabled Smart I/O Γιάννης Στάβαρης Technical Manager Ιούνιος 26, 2007.
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

Similar presentations

Ads by Google