OSCIDS: An Ontology based SCADA Intrusion Detection Framework

Abdullah  Al Balushi; Kieran McLaughlin; Sakir Sezer

doi:10.5220/0005969803270335

OSCIDS: An Ontology based SCADA Intrusion Detection Framework

Abdullah Al Balushi, Kieran McLaughlin, Sakir Sezer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

344 Downloads (Pure)

Abstract

This paper presents the design, development, and validation of an ontology based SCADA intrusion detection system. The proposed system analyses SCADA network communications and can derive additional information based on the background knowledge and ontology models to enhance the intrusion detection data. The developed intrusion model captures network communications, cyber attacks and the context within the SCADA domain. Moreover, a set of semantic rules were constructed to detect various attacks and extract logical relationships among these attacks. The presented framework was extensively evaluated and a comparison to the state of the art is provided.

Original language	English
Title of host publication	Proceedings of the 13th International Joint Conference on e-Business and Telecommunications
Pages	327-335
Number of pages	9
Volume	4: SECRYPT
ISBN (Electronic)	978-989-758-196-0
DOIs	https://doi.org/10.5220/0005969803270335
Publication status	Published - 01 Jul 2016
Event	13th International Conference on Security and Cryptography (SECRYPT) - Lisbon, Portugal Duration: 26 Jul 2016 → 29 Jul 2016 Conference number: 13 http://www.secrypt.icete.org/?y=2016

Conference

Conference	13th International Conference on Security and Cryptography (SECRYPT)
Abbreviated title	SECRYPT
Country	Portugal
City	Lisbon
Period	26/07/2016 → 29/07/2016
Internet address	http://www.secrypt.icete.org/?y=2016

Keywords

Semantics
Ontology
industrial control system
Security
SCADA
Attacks
modelling
knowledge and context

Access to Document

10.5220/0005969803270335

OSCIDS: An Ontology based SCADA Intrusion Detection Framework
© 2016 SCITEPRESS – Science and Technology Publications, Lda. All rights reserved
Accepted author manuscript, 712 KBLicence: Unspecified

Cite this

@inproceedings{ba758eac6600423d9612c3d2fa5773b6,

title = "OSCIDS: An Ontology based SCADA Intrusion Detection Framework",

abstract = "This paper presents the design, development, and validation of an ontology based SCADA intrusion detection system. The proposed system analyses SCADA network communications and can derive additional information based on the background knowledge and ontology models to enhance the intrusion detection data. The developed intrusion model captures network communications, cyber attacks and the context within the SCADA domain. Moreover, a set of semantic rules were constructed to detect various attacks and extract logical relationships among these attacks. The presented framework was extensively evaluated and a comparison to the state of the art is provided.",

keywords = "Semantics, Ontology, industrial control system, Security, SCADA, Attacks, modelling, knowledge and context",

author = "{Al Balushi}, Abdullah and Kieran McLaughlin and Sakir Sezer",

year = "2016",

month = jul,

day = "1",

doi = "10.5220/0005969803270335",

language = "English",

volume = "4: SECRYPT",

pages = "327--335",

booktitle = "Proceedings of the 13th International Joint Conference on e-Business and Telecommunications",

note = "13th International Conference on Security and Cryptography (SECRYPT), SECRYPT ; Conference date: 26-07-2016 Through 29-07-2016",

url = "http://www.secrypt.icete.org/?y=2016",

}

Al Balushi, A, McLaughlin, K & Sezer, S 2016, OSCIDS: An Ontology based SCADA Intrusion Detection Framework. in Proceedings of the 13th International Joint Conference on e-Business and Telecommunications . vol. 4: SECRYPT, pp. 327-335, 13th International Conference on Security and Cryptography (SECRYPT), Lisbon, Portugal, 26/07/2016. https://doi.org/10.5220/0005969803270335

TY - GEN

T1 - OSCIDS: An Ontology based SCADA Intrusion Detection Framework

AU - Al Balushi, Abdullah

AU - McLaughlin, Kieran

AU - Sezer, Sakir

N1 - Conference code: 13

PY - 2016/7/1

Y1 - 2016/7/1

N2 - This paper presents the design, development, and validation of an ontology based SCADA intrusion detection system. The proposed system analyses SCADA network communications and can derive additional information based on the background knowledge and ontology models to enhance the intrusion detection data. The developed intrusion model captures network communications, cyber attacks and the context within the SCADA domain. Moreover, a set of semantic rules were constructed to detect various attacks and extract logical relationships among these attacks. The presented framework was extensively evaluated and a comparison to the state of the art is provided.

AB - This paper presents the design, development, and validation of an ontology based SCADA intrusion detection system. The proposed system analyses SCADA network communications and can derive additional information based on the background knowledge and ontology models to enhance the intrusion detection data. The developed intrusion model captures network communications, cyber attacks and the context within the SCADA domain. Moreover, a set of semantic rules were constructed to detect various attacks and extract logical relationships among these attacks. The presented framework was extensively evaluated and a comparison to the state of the art is provided.

KW - Semantics

KW - Ontology

KW - industrial control system

KW - Security

KW - SCADA

KW - Attacks

KW - modelling

KW - knowledge and context

U2 - 10.5220/0005969803270335

DO - 10.5220/0005969803270335

M3 - Conference contribution

VL - 4: SECRYPT

SP - 327

EP - 335

BT - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications

T2 - 13th International Conference on Security and Cryptography (SECRYPT)

Y2 - 26 July 2016 through 29 July 2016

ER -

OSCIDS: An Ontology based SCADA Intrusion Detection Framework

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this