Abstract
Increased interconnectivity, interoperability and complexity of communication in Supervisory Control and Data Acquisition (further only SCADA) systems, resulted in increasing efficiency of industrial processes. However, the recently isolated SCADA systems are considered as the targets of considerable number of cyber-attacks. Because of this, the SCADA cyber-security is under constant pressure. In this article we examine suitability of current state signature based Intrusion Detection System (further only IDS) in SCADA systems. Therefore, we deeply evaluate the Snort and the Quickdraw rules based on signatures in order to specify their relations to SCADA cyber security. We report the results of the study comprising more than two hundred rules.
This is a preview of subscription content, log in via an institution.
References
Verba, J., Milvich, M.: Idaho National Laboratory Supervisory Control and Data Acquisition Intrusion Detection System (SCADA IDS). In: IEEE Conference on Technologies for Homeland Security, pp. 469–473 (2008)
Stouffer, K., Falco, J., Scarfone, K.: Guide to Industrial Control Systems (ICS) Security. National Institute of Standards and Technology. http://csrc.nist.gov/publications/nistpubs/800-82/SP800-82-final.pdf (2011) [cit. 2015-12-01]
Macaulay, T., Singer, B.: Cybersecurity for industrial control systems: SCADA, DCS, PLC, HMI, and SIS, 193 pp. CRC Press, Boca Raton, FL (2012). ISBN: 14-398-0196-7
Fisk, M., Varghese, G.: Fast content-based packet handling for intrusion detection. Los Alamos National Lab, NM Computing Communications and Networking Div (2001)
Scarfone, K., Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS): Recommendations of the National Institute of Standards and Technology (2007) [cit. 2015-12-03]
Pritika, M.E.H.R.A.: A brief study and comparison of snort and bro open source network intrusion detection systems. Int. J. Adv. Res. Comput. Commun. Eng. 1(6), 383–386 (2012)
Shah, S.N., Singh, Ms.P.: Signature-based network intrusion detection system using SNORT and WINPCAP. Int. J. Eng. Res. Technol. (ESRSA Publications) (2012)
The Snort Intrusion Detection System: https://www.snort.org/ (2015)
Acknowledgments
This work was founded by the Internal Grant Agency (IGA/FAI/2016/014) and supported by the project ev. no. VI20152019049 “RESILIENCE 2015:RESILIENCE 2015: Dynamic Resilience Evaluation of Interrelated Critical Infrastructure Subsystems” supported by the Ministry of the Interior Security Research Programme of the Czech Republic in the years 2015–2020. Moreover, this work was supported by the Ministry of Education, Youth and Sports of the Czech Republic within the National Sustainability Programme project No. LO1303 (MSMT-7778/2014) and also by the European Regional Development Fund under the project CEBIA-Tech No. CZ.1.05/2.1.00/03.0089.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Vávra, J., Hromada, M. (2016). Comparison of the Intrusion Detection System Rules in Relation with the SCADA Systems. In: Silhavy, R., Senkerik, R., Oplatkova, Z.K., Silhavy, P., Prokopova, Z. (eds) Software Engineering Perspectives and Application in Intelligent Systems. ICTIS CSOC 2017 2016. Advances in Intelligent Systems and Computing, vol 465. Springer, Cham. https://doi.org/10.1007/978-3-319-33622-0_15
Download citation
DOI: https://doi.org/10.1007/978-3-319-33622-0_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-33620-6
Online ISBN: 978-3-319-33622-0
eBook Packages: EngineeringEngineering (R0)