FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W3172510111> ?p ?o ?g. }

• W3172510111 abstract "The objective of this thesis is to develop intrusion detection and alert correlation techniques geared towards industrial control systems (ICS). Our interest is driven by the recent surge in cybersecurity incidents targeting ICS, and the necessity to detect targeted attacks which induce incorrect behavior at the level of the physical process.In the first part of this work, we develop an approach to automatically infer specifications over the sequential behavior of ICS. In particular, we rely on specification language formalisms such as linear temporal logic (LTL) and metric temporal logic (MTL) to express temporal properties over the state of the actuators and sensors. We develop an algorithm to automatically infer specifications from a set of specification patterns covering the most recurring properties. In particular, our approach aims at reducing the number of redundant and unfalsifiable properties generated by the existing approaches. To do so, we add a pre-selection stage which allows to restrict the search for valid properties over non redundant portions of the execution traces. We evaluate our approach on a complex physical process steered by several controllers under process oriented attacks. Our results show that a significant reduction in the number of inferred properties is possible while achieving high detection rates.In the second part of this work, we attempt to combine the physical domain intrusion detection approach developed in the first part with more classical cyber domain intrusion detection approaches. In particular, we develop an alert correlation approach which takes into account some specificities of ICS. First, we explore an alert enrichment approach that allows to map physical domain alerts into the cyber domain. This is motivated by the observation that alertscoming from different domains are characterized by heterogeneous attributes which makes any direct comparison of the alerts difficult. Instead, we enrich the physical domain alerts with cyber domain attributes given knowledge about the protocols supported by the controllers and the memory mapping of process variables within the controllers.In this work, we also explore ICS-specific alert selection policies. An alert selection policy defines which alerts will be selected for comparison by the correlator. Classical approaches often rely on sliding, fixed size, temporal windows as a basis for their selection policy. Instead, we argue that given the complex interdependencies between physical subprocesses, agreeing on analert window size is challenging. Instead, we adopt selection policies that adapt to the state of the physical process by dynamically adjusting the size of the alert windows given the state of the subprocesses within the physical process. Our evaluation results show that our correlator achieves better correlation metrics in comparison with classical temporal based approaches." @default.
• W3172510111 created "2021-06-22" @default.
• W3172510111 creator A5021520111 @default.
• W3172510111 date "2018-11-12" @default.
• W3172510111 modified "2023-09-23" @default.
• W3172510111 title "Intrusion detection for industrial control systems" @default.
• W3172510111 hasPublicationYear "2018" @default.
• W3172510111 type Work @default.
• W3172510111 sameAs 3172510111 @default.
• W3172510111 citedByCount "0" @default.
• W3172510111 crossrefType "dissertation" @default.
• W3172510111 hasAuthorship W3172510111A5021520111 @default.
• W3172510111 hasConcept C111919701 @default.
• W3172510111 hasConcept C120314980 @default.
• W3172510111 hasConcept C124101348 @default.
• W3172510111 hasConcept C127413603 @default.
• W3172510111 hasConcept C134306372 @default.
• W3172510111 hasConcept C154945302 @default.
• W3172510111 hasConcept C171018156 @default.
• W3172510111 hasConcept C176217482 @default.
• W3172510111 hasConcept C179768478 @default.
• W3172510111 hasConcept C199360897 @default.
• W3172510111 hasConcept C21547014 @default.
• W3172510111 hasConcept C25016198 @default.
• W3172510111 hasConcept C2524010 @default.
• W3172510111 hasConcept C2775924081 @default.
• W3172510111 hasConcept C33923547 @default.
• W3172510111 hasConcept C35525427 @default.
• W3172510111 hasConcept C36503486 @default.
• W3172510111 hasConcept C40071531 @default.
• W3172510111 hasConcept C41008148 @default.
• W3172510111 hasConcept C4777664 @default.
• W3172510111 hasConcept C79403827 @default.
• W3172510111 hasConcept C80444323 @default.
• W3172510111 hasConcept C98045186 @default.
• W3172510111 hasConceptScore W3172510111C111919701 @default.
• W3172510111 hasConceptScore W3172510111C120314980 @default.
• W3172510111 hasConceptScore W3172510111C124101348 @default.
• W3172510111 hasConceptScore W3172510111C127413603 @default.
• W3172510111 hasConceptScore W3172510111C134306372 @default.
• W3172510111 hasConceptScore W3172510111C154945302 @default.
• W3172510111 hasConceptScore W3172510111C171018156 @default.
• W3172510111 hasConceptScore W3172510111C176217482 @default.
• W3172510111 hasConceptScore W3172510111C179768478 @default.
• W3172510111 hasConceptScore W3172510111C199360897 @default.
• W3172510111 hasConceptScore W3172510111C21547014 @default.
• W3172510111 hasConceptScore W3172510111C25016198 @default.
• W3172510111 hasConceptScore W3172510111C2524010 @default.
• W3172510111 hasConceptScore W3172510111C2775924081 @default.
• W3172510111 hasConceptScore W3172510111C33923547 @default.
• W3172510111 hasConceptScore W3172510111C35525427 @default.
• W3172510111 hasConceptScore W3172510111C36503486 @default.
• W3172510111 hasConceptScore W3172510111C40071531 @default.
• W3172510111 hasConceptScore W3172510111C41008148 @default.
• W3172510111 hasConceptScore W3172510111C4777664 @default.
• W3172510111 hasConceptScore W3172510111C79403827 @default.
• W3172510111 hasConceptScore W3172510111C80444323 @default.
• W3172510111 hasConceptScore W3172510111C98045186 @default.
• W3172510111 hasOpenAccess W3172510111 @default.
• W3172510111 hasRelatedWork W143688006 @default.
• W3172510111 hasRelatedWork W1684337784 @default.
• W3172510111 hasRelatedWork W169042786 @default.
• W3172510111 hasRelatedWork W1752381403 @default.
• W3172510111 hasRelatedWork W2008877021 @default.
• W3172510111 hasRelatedWork W2023639687 @default.
• W3172510111 hasRelatedWork W2086699202 @default.
• W3172510111 hasRelatedWork W2511988939 @default.
• W3172510111 hasRelatedWork W2573705577 @default.
• W3172510111 hasRelatedWork W2755261346 @default.
• W3172510111 hasRelatedWork W2793734011 @default.
• W3172510111 hasRelatedWork W2808576028 @default.
• W3172510111 hasRelatedWork W2888483609 @default.
• W3172510111 hasRelatedWork W2949719783 @default.
• W3172510111 hasRelatedWork W3033614508 @default.
• W3172510111 hasRelatedWork W3041813209 @default.
• W3172510111 hasRelatedWork W3044384876 @default.
• W3172510111 hasRelatedWork W3092423775 @default.
• W3172510111 hasRelatedWork W3102800496 @default.
• W3172510111 hasRelatedWork W85227141 @default.
• W3172510111 isParatext "false" @default.
• W3172510111 isRetracted "false" @default.
• W3172510111 magId "3172510111" @default.
• W3172510111 workType "dissertation" @default.