Model based Design of Intrusion Detection Systems for ICS

Abstract

International audienceToday, industrial control systems (ICS) are connected to the Internet. The addition of computer capabilities to ICSs has improved performance, reduced costs, and many other benefits. However, ICSs are not designed with security in mind. These systems, therefore, present security risks related to their IT vulnerabilities. Applying IT's security solutions to the ICS are not enough due to the difference between these two systems represented by the interaction between the cyber and physical system in ICS. Hence, it seems relevant to rely on a physical model of the cyber-physical system to obtain an intrusion detection system (IDS) for those systems. Most of the IDSs are based on rules to define how the IDS would detect attacks on the system. These rules are generally used either to describe possible attacks scenarios on the systems or the normal system behavior. However, creating and maintaining handmade rules for a complex system could be very difficult. In this article, we propose a model-based approach that consists of generating IDS rules from a physical system model and the authorized behavior specification. Then we illustrate the proposed algorithm in a case study