A Question of Context: Enhancing Intrusion Detection by Providing Context Information
Due to the fourth industrial revolution, and the resulting increase in interconnectivity, industrial networks are more and more opened to publicly available networks. Apart from the huge benefit in manageability and flexibility, the openness also results in a larger attack surface for malicious adve...
Published in: | arXiv.org 2019-05 |
---|---|
Main authors: | , , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | |
---|---|
container_issue | |
container_start_page | |
container_title | arXiv.org |
container_volume | |
creator | Simon Duque Anton ; Fraunholz, Daniel ; Teuber, Stephan ; Schotten, Hans Dieter |
description | Due to the fourth industrial revolution, and the resulting increase in interconnectivity, industrial networks are more and more opened to publicly available networks. Apart from the huge benefit in manageability and flexibility, the openness also results in a larger attack surface for malicious adversaries. In comparison to office environments, industrial networks have very high volumes of data. In addition to that, every delay will most likely lead to loss of revenue. Hence, intrusion detection systems for industrial applications have different requirements than office-based intrusion detection systems. On the other hand, industrial networks are able to provide a lot of contextual information due to manufacturing execution systems and enterprise resource planning. Additionally, industrial networks tend to be more uniform, making it easier to determine outliers. In this work, an abstract simulation of industrial network behaviour is created. Malicious actions are introduced into a set of sequences of valid behaviour. Finally, a context-based and context-less intrusion detection system is used to find the attacks. The results are compared and commented. It can be seen that context information can help in identifying malicious actions more reliably than intrusion detection with only one source of information, e.g. the network. |
doi_str_mv | 10.48550/arxiv.1905.11735 |
format | Article |
fulltext | fulltext |
identifier | EISSN: 2331-8422 |
ispartof | arXiv.org, 2019-05 |
issn | 2331-8422 |
language | eng |
recordid | cdi_arxiv_primary_1905_11735 |
source | arXiv.org; Free E- Journals |
subjects | Computer Science - Cryptography and Security ; Control systems ; Enterprise resource planning ; Industrial applications ; Internet resources ; Intrusion detection systems ; Manufacturing execution systems ; Networks ; Outliers (statistics) ; Sequences |
title | A Question of Context: Enhancing Intrusion Detection by Providing Context Information |