Title: Preemptive: an integrated approach to intrusion detection and prevention in industrial control systems
Authors: Estefanía Etchevés Miciolino; Dario Di Noto; Federico Griscioli; Maurizio Pizzonia; Jörg Kippe; Steffen Pfrang; Xavier Clotet; Gladys León; Fatai Babatunde Kassim; David Lund; Elisa Costante
Addresses: Vitrociset S.p.A., Via Tiburtina, 1020, Rome, Italy; Vitrociset S.p.A., Via Tiburtina, 1020, Rome, Italy; Università degli Studi 'Roma Tre', Via della Vasca Navale, 79, Rome, Italy; Università degli Studi 'Roma Tre', Via della Vasca Navale, 79, Rome, Italy; Fraunhofer IOSB, Fraunhoferstraße 1, Karlsruhe, Germany; Fraunhofer IOSB, Fraunhoferstraße 1, Karlsruhe, Germany; Aplicaciones en Informática Avanzada (AIA) S.L., Avda. Torre Blanca, 57, Sant Cugat, Spain; Aplicaciones en Informática Avanzada (AIA) S.L., Avda. Torre Blanca, 57, Sant Cugat, Spain; HW Communications Ltd, Greaves Road, Lancaster, UK; HW Communications Ltd, Greaves Road, Lancaster, UK; SecurityMatters B.V., Eindhoven, The Netherlands
Abstract: Cyber-security of industrial control systems (ICSs) is notoriously hard due to the peculiar constraints of the specific context. At the same time, the use of specifically crafted malware to target ICSs is an established offensive means for opposing organisations, groups, or countries. We provide an overview of the results attained by the Preemptive project to improve the cyber-security of ICSs. Preemptive devised several integrated tools for detection and prevention of intrusions in this context. It also provides a way to correlate many small events giving rise to more significant ones, and shows the whole cyber-security state to the user by means of specific human-machine interfaces.
Keywords: cyber-security; SCADA protection; ICS security; IDS; events correlation.
DOI: 10.1504/IJCIS.2017.088233
International Journal of Critical Infrastructures, 2017 Vol.13 No.2/3, pp.206 - 237
Received: 22 Nov 2016
Accepted: 11 Apr 2017
Published online: 30 Nov 2017