ICS protocol dissectors for signature-based NIDS
Veit, Maxime Fabian
Abstract:
Intrusion control systems (ICS) are used in various industries, including critical infrastructures; the security against attacks is of particular importance. Network Intrusion Detection Systems (NIDS), which can use protocol-specific dissectors, are particularly suitable for this, as they can prevent attack attempts without interfering with the ICS. This work investigates the question of under which conditions rules based on ICS-protocol-specific dissectors should be preferred over the rules based on the TCP payload provided by the transport layer dissector. This work evaluates aspects of security, usability, and especially the performance regarding the scope of functions of the dissector. Therefore, an ICS protocol dissector for the S7Comm protocol is implemented and evaluated together with an SSH dissector in different scenarios. Further influencing factors that could interfere with the processing performance, but also the detection accuracy, are investigated.
| Zugehörige Institution(en) am KIT | Lehrstuhl ITM Hartenstein (Lehrstuhl ITM Hartenstein) |
| Publikationstyp | Hochschulschrift |
| Publikationsdatum | 01.12.2021 |
| Sprache | Englisch |
| Identifikator | KITopen-ID: 1000178009 |
| Verlag | Karlsruher Institut für Technologie (KIT) |
| Umfang | xv, 106 S. |
| Art der Arbeit | Abschlussarbeit - Master |
| Schlagwörter | Intrusion Control Systems (ICS), Network Intrusion Detection Systems (NIDS), Protocol-Specific Dissectors, ICS Security, S7Comm Protocol, Transport Layer Dissector, TCP Payload, Detection Accuracy, Processing Performance, Critical Infrastructure Security, SSH Dissector, ICS Protocol Rules, Intrusion Prevention, Performance Evaluation, Usability in NIDS |