Cristin-resultat-ID: 1852106
Sist endret: 4. april 2021, 21:45
NVI-rapporteringsår: 2020
Resultat
Vitenskapelig artikkel
2020

A Prototype Tool for Distinguishing Attacks and Technical Failures in Industrial Control Systems

Bidragsytere:
  • Khurshid Abbas
  • Sabarathinam Chockalingam
  • Nga Dinh og
  • Vikash Katta

Tidsskrift

Norsk Informasjonssikkerhetskonferanse (NISK)
ISSN 1893-6563
e-ISSN 1894-7735
NVI-nivå 1

Om resultatet

Vitenskapelig artikkel
Publiseringsår: 2020
Publisert online: 2021
Trykket: 2020
Volum: 13
Hefte: 3

Klassifisering

Emneord

Bayesiansk Tiltro Nettverk • Sikkerhet • Cyber security • Hendelseshåndtering

Beskrivelse Beskrivelse

Tittel

A Prototype Tool for Distinguishing Attacks and Technical Failures in Industrial Control Systems

Sammendrag

Critical Infrastructures (CIs) are governed by Industrial Control Systems (ICSs). Modern ICSs do not operate in isolation anymore, but they are connected to the Internet. This transformation introduced numerous advantages, however, there are a few drawbacks as well. Integration with the Internet has left ICS exposed to potential cyber-attacks. Additionally, ICSs could also encounter technical failures during operation. Consequently, it is crucial to distinguish between attacks and technical failures to initiate an appropriate response. There is a deficiency of robust technology to assist operators in distinguishing attacks and technical failures in an ICS environment. However, a framework is proposed to construct Bayesian Network (BN) models that would help to distinguish between attacks and technical failures for different observable problems in our previous work. There are tools available to implement such BN models, but these tools are not appropriate to use in an ICS environment. In order to address this limitation, this paper develops and demonstrates a prototype tool for swift identification of the major cause (Intentional Attack/Accidental Technical Failure) in case of an abnormal behaviour in a component of ICS. The proposed tool enables BN models to automatically update prior probabilities based on the historical data and/or expert knowledge corresponding to the application. The developed tool can be further evaluated and used to distinguish between attacks and technical failures during operation in CIs where ICSs are employed.

Bidragsytere

Khurshid Abbas

  • Tilknyttet:
    Forfatter
    ved Fakultet for informasjonsteknologi, ingeniørfag og økonomi ved Høgskolen i Østfold

Sabarathinam Chockalingam

  • Tilknyttet:
    Forfatter
    ved Risiko og sikkerhet ved Institutt for energiteknikk

Thi Thuy Nga Dinh

Bidragsyterens navn vises på dette resultatet som Nga Dinh
  • Tilknyttet:
    Forfatter
    ved Institutt for informasjonsteknologi og kommunikasjon ved Høgskolen i Østfold

Vikash Katta

  • Tilknyttet:
    Forfatter
    ved Risiko og sikkerhet ved Institutt for energiteknikk
1 - 4 av 4