IPAL: Breaking up Silos of Protocol-dependent and Domain-specific Industrial Intrusion Detection Systems

by Konrad Wolsing, et al.

The increasing interconnection of industrial networks with the Internet exposes them to an ever-growing risk of cyberattacks. A well-proven mechanism to detect such attacks is industrial intrusion detection, which searches for anomalies in otherwise predictable communication or process behavior. However, efforts to improve these detection methods mostly focus on specific domains and communication protocols, leading to a research landscape that is broken up into isolated silos. Thus, existing approaches cannot be applied to other industrial scenarios that would equally benefit from powerful detection approaches. To better understand this issue, we survey 53 detection systems and conclude that there is no fundamental reason for their narrow focus. Although they are often coupled to specific industrial protocols in practice, many approaches could generalize to new industrial scenarios in theory. To unlock this potential for intrusion detection across industrial domains and protocols, we propose IPAL, our industrial protocol abstraction layer, to decouple intrusion detection from domain-specific industrial communication protocols. We show the practical applicability and correctness of IPAL through a reproducibility study in which we re-implement eight detection approaches from related work on top of IPAL. Finally, we showcase the unique benefits of IPAL for industrial intrusion detection research by studying the generalizability of existing approaches to new datasets and conclude that they are indeed not restricted to specific domains or protocols.
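As an added illustration of the decoupling the abstract describes (example code, not IPAL's own message format or implementation): two constructed wire encodings are mapped onto one common message type, and a single range-based detector runs unchanged over both. The message schema, the two protocol forms, the detector and the sample traffic are all assumptions made for this example.

```python
# Added illustration, not IPAL's own code: schema, encodings, detector and traffic are constructed.
import json
from dataclasses import dataclass

@dataclass
class AbstractMessage:
    src: str
    dst: str
    activity: str  # "command" or "interrogate" (assumed labels)
    data: dict     # variable name -> value, independent of the wire protocol

def from_modbus_like(line: str) -> AbstractMessage:
    # Constructed "src;dst;function;register;value" form of a Modbus-style
    # message; function codes 6/16 write a register, others read.
    src, dst, fc, reg, value = line.split(";")
    activity = "command" if fc in ("6", "16") else "interrogate"
    return AbstractMessage(src, dst, activity, {f"reg{reg}": int(value)})

def from_json_telemetry(line: str) -> AbstractMessage:
    # Constructed JSON form {"from","to","op","vars"} of a second protocol.
    obj = json.loads(line)
    activity = "command" if obj["op"] == "set" else "interrogate"
    return AbstractMessage(obj["from"], obj["to"], activity, dict(obj["vars"]))

class RangeDetector:
    """Learns per-variable min/max from benign AbstractMessages; never sees protocol fields."""
    def __init__(self):
        self.bounds = {}
    def train(self, msg: AbstractMessage) -> None:
        for var, val in msg.data.items():
            lo, hi = self.bounds.get(var, (val, val))
            self.bounds[var] = (min(lo, val), max(hi, val))
    def alerts(self, msg: AbstractMessage) -> list:
        return [var for var, val in msg.data.items() if var in self.bounds
                and not self.bounds[var][0] <= val <= self.bounds[var][1]]

def evaluate(parser, train_lines, test_lines) -> list:
    """Train on benign lines, then return the alerts raised per test line."""
    det = RangeDetector()
    for line in train_lines:
        det.train(parser(line))
    return [det.alerts(parser(line)) for line in test_lines]

# Constructed sample traffic per protocol: benign training lines, then one benign and one out-of-range message.
MODBUS_TRAIN = ["plc1;rtu2;6;40001;100", "plc1;rtu2;6;40001;120", "plc1;rtu2;3;40001;110"]
MODBUS_TEST = ["plc1;rtu2;6;40001;115", "plc1;rtu2;6;40001;500"]
JSON_TRAIN = ['{"from":"hmi","to":"ctl","op":"set","vars":{"setpoint":50}}',
              '{"from":"hmi","to":"ctl","op":"set","vars":{"setpoint":55}}']
JSON_TEST = ['{"from":"hmi","to":"ctl","op":"get","vars":{"setpoint":52}}',
             '{"from":"hmi","to":"ctl","op":"set","vars":{"setpoint":900}}']
```

Running `evaluate` with each parser over its own traffic yields `[[], ['reg40001']]` and `[[], ['setpoint']]`: the same detector flags the out-of-range value in both protocols without any protocol-specific code.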



