Lima et al., 2020 - Google Patents
BP-IDS: Using business process specification to leverage intrusion detection in critical infrastructures (Lima et al., 2020)
- Document ID
- 9749786299314989113
- Author
- Lima J
- Apolinário F
- Escravana N
- Ribeiro C
- Publication year
- 2020
- Publication venue
- 2020 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)
Snippet
Intrusion detection systems typically suffer from effectiveness problems, of being incapable of detecting new threats, or generating too many false alarms to be of any usefulness. Specification-based intrusion detection systems tackle these problems, exhibiting low false …
Classifications

- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
            - H04L63/1416—Event detection, e.g. attack signature detection

- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
            - H04L63/1425—Traffic logging, e.g. anomaly detection

- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1441—Countermeasures against malicious traffic

- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1433—Vulnerability analysis

- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L12/00—Data switching networks
        - H04L12/02—Details
          - H04L12/26—Monitoring arrangements; Testing arrangements
            - H04L12/2602—Monitoring arrangements

- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
          - H04L63/0227—Filtering policies

- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
              - G06F21/562—Static detection

- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/12—Applying verification of the received information

- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general

- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
        - H04L41/06—Arrangements for maintenance or administration or management of packet switching networks involving management of faults or events or alarms

- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L12/00—Data switching networks
        - H04L12/28—Data switching networks characterised by path configuration, e.g. local area networks [LAN], wide area networks [WAN]

- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F11/00—Error detection; Error correction; Monitoring
        - G06F11/07—Error detection; Error correction; Monitoring responding to the occurrence of a fault, e.g. fault tolerance
          - G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation

- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L43/00—Arrangements for monitoring or testing packet switching networks

- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L69/00—Application independent communication protocol aspects or techniques in packet data networks

- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L67/00—Network-specific arrangements or communication protocols supporting networked applications

- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
Similar Documents
Publication | Title
---|---
US11902120B2 (en) | Synthetic data for determining health of a network security system
EP2517437B1 (en) | Intrusion detection in communication networks
CN110086810B (en) | Fingerprint recognition method and device for passive industrial control equipment based on characteristic behavior analysis
CN107135093B (en) | Internet of things intrusion detection method and detection system based on finite automaton
US9860278B2 (en) | Log analyzing device, information processing method, and program
Garitano et al. | A review of SCADA anomaly detection systems
EP3297248B1 (en) | System and method for generating rules for attack detection feedback system
CN100531073C (en) | Condition detection based protocol abnormity detecting method and system
US20140337974A1 (en) | System and method for semantic integration of heterogeneous data sources for context aware intrusion detection
Lima et al. | BP-IDS: Using business process specification to leverage intrusion detection in critical infrastructures
Su et al. | Detecting p2p botnet in software defined networks
Fallah et al. | Android malware detection using network traffic based on sequential deep learning models
CN102624721B (en) | Feature code verification platform system and feature code verification method
Ferling et al. | Intrusion detection for sequence-based attacks with reduced traffic models
US11399036B2 (en) | Systems and methods for correlating events to detect an information security incident
Feng et al. | Snort improvement on profinet RT for industrial control system intrusion detection
Ovaz Akpinar et al. | Development of the ECAT preprocessor with the trust communication approach
CN105227540A (en) | A kind of MTD guard system of event-triggered and method
CN113285937B (en) | A security audit method and system based on traditional substation configuration files and IEC103 protocol traffic
Heigl et al. | A resource-preserving self-regulating Uncoupled MAC algorithm to be applied in incident detection
Ponomarev | Intrusion Detection System of industrial control networks using network telemetry
Skopik et al. | Intrusion detection in distributed systems using fingerprinting and massive event correlation
Quincozes et al. | Towards feature engineering for intrusion detection in IEC–61850 communication networks
Mitra et al. | IDS for ARP spoofing using LTL based discrete event system framework
Bhuyan et al. | Alert management and anomaly prevention techniques