{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,8,5]],"date-time":"2023-08-05T18:10:01Z","timestamp":1691259001368},"reference-count":31,"publisher":"IGI Global","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014,4,1]]},"abstract":"<p>Cyber-threats are one of the most significant problems faced by modern Industrial Control Systems (ICS), such as SCADA (Supervisory Control and Data Acquisition) systems, as the vulnerabilities of ICS technology become serious threats that can ultimately compromise human lives. This situation demands a domain-specific approach to cyber threat detection within ICS, which is one of the most important contributions of the CockpitCI FP7 project (http:\/\/CockpitCI.eu). Specifically, this paper will present the CockpitCI distributed Intrusion Detection System (IDS) for ICS, which provides its core cyber-detection and analysis capabilities, also including a description of its components, in terms of role, operation, integration, and remote management. 
Moreover, it will also introduce and describe new domain-specific solutions for ICS security such as the SCADA Honeypot and the Shadow Security Unit, which are part of the CockpitCI IDS framework.<\/p>","DOI":"10.4018\/ijcwt.2014040101","type":"journal-article","created":{"date-parts":[[2015,2,13]],"date-time":"2015-02-13T13:47:15Z","timestamp":1423835235000},"page":"1-22","source":"Crossref","is-referenced-by-count":5,"title":["A Distributed IDS for Industrial Control Systems"],"prefix":"10.4018","volume":"4","author":[{"given":"Tiago","family":"Cruz","sequence":"first","affiliation":[{"name":"University of Coimbra, Coimbra, Portugal"}]},{"given":"Jorge","family":"Proen\u00e7a","sequence":"additional","affiliation":[{"name":"University of Coimbra, Coimbra, Portugal"}]},{"given":"Paulo","family":"Sim\u00f5es","sequence":"additional","affiliation":[{"name":"University of Coimbra, Coimbra, Portugal"}]},{"given":"Matthieu","family":"Aubigny","sequence":"additional","affiliation":[{"name":"iTrust Consulting, Niederanven, Luxembourg"}]},{"given":"Moussa","family":"Ouedraogo","sequence":"additional","affiliation":[{"name":"Luxembourg Institute of Science and Technology, Kirchberg, Luxembourg"}]},{"given":"Antonio","family":"Graziano","sequence":"additional","affiliation":[{"name":"Selex ES, Roma, Italy"}]},{"given":"Leandros","family":"Maglaras","sequence":"additional","affiliation":[{"name":"University of Surrey, Guildford, UK"}]}],"member":"2432","reference":[{"key":"ijcwt.2014040101-0","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48169-9_1"},{"key":"ijcwt.2014040101-1","doi-asserted-by":"crossref","unstructured":"Case, J., Mundy, R., Partain, D., & Stewart, B. 2002, \u2018Introduction and applicability statements for Internet Standard Management Framework\u2019, IETF, viewed Sept. 
14, 2014 < https:\/\/tools.ietf.org\/html\/rfc3410>","DOI":"10.17487\/rfc3410"},{"key":"ijcwt.2014040101-2","author":"D.Chappell","year":"2004","journal-title":"Enterprise service bus"},{"key":"ijcwt.2014040101-3","unstructured":"Cisco Systems Inc. Snort Intrusion Detection System, viewed Sept. 11, 2014 <http:\/\/www.snort.org>"},{"key":"ijcwt.2014040101-4","unstructured":"Cockpit, C. I. (2013) CockpitCI FP7 Deliverable D3.1, Requirements and Reference Architecture of the Analysis and Detection Layer, viewed Sept. 1, 2014 < http:\/\/www.cockpitci.eu\/deliverables>"},{"key":"ijcwt.2014040101-5","unstructured":"Cockpit, C. I., & Cockpit, C. I. FP7-SEC-2011-1 Project 285647, viewed Sept. 1, 2014 <http:\/\/CockpitCI.eu>"},{"key":"ijcwt.2014040101-6","doi-asserted-by":"crossref","unstructured":"Debar, H., Curry, D., & Feinstein, B. 2007, \u2018The intrusion detection message exchange format\u2019, viewed Aug. 3, 2014, <http:\/\/www.ietf.org\/rfc\/rfc4765.txt>","DOI":"10.17487\/rfc4765"},{"key":"ijcwt.2014040101-7","first-page":"1983","article-title":"\u2018Electrical Characteristics of Generators and Receivers for Use in Balanced Multipoint Systems\u2019.","volume":"RS-485","year":"1983","journal-title":"EIA Standard"},{"key":"ijcwt.2014040101-8","unstructured":"Esper Complex Event Processing. EsperTech, viewed Aug. 9, 2014 <http:\/\/www.espertech.com\/products\/esper.php>"},{"key":"ijcwt.2014040101-9","unstructured":"Falliere, N., Murchu, L. O., & Chien, E. 2011, \u2018W32.Stuxnet dossier\u2019, viewed Sept. 22, 2014, <http:\/\/ants.mju.ac.kr\/2013Fall\/w32_stuxnet_dossier%28Symantec%29.pdf>"},{"key":"ijcwt.2014040101-10","unstructured":"Fielding, R. T. 2000, \u2018Architectural styles and the design of network-based software architectures\u2019, Ph.D. Dissertation, University of California, Irvine."},{"key":"ijcwt.2014040101-11","unstructured":"Hsu, C., Chang, C., & Lin, C. 2003, \u2018A practical guide to support vector classification\u2019, viewed Sept. 
17, 2014, <https:\/\/www.cs.sfu.ca\/people\/Faculty\/teaching\/726\/spring11\/svmguide.pdf>"},{"key":"ijcwt.2014040101-12","unstructured":"IEC. (2006), \u2018Telecontrol equipment and systems - Part 5-104: Transmission protocols - Network access for IEC 60870-5-101 using standard transport profiles\u2019. International Electrotechnical Commission."},{"key":"ijcwt.2014040101-13","year":"2010","journal-title":"std 1815-2010, IEEE Standard for Electric Power Systems Communications -- Distributed Network Protocol (DNP3)"},{"key":"ijcwt.2014040101-14","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.03.001"},{"key":"ijcwt.2014040101-15","unstructured":"ISA. \u2018ISA-99.00.01 (2007) \u2018Security for Industrial Automation and Control Systems - Part 1: Terminology, Concepts, and Models\u2019, International Society of Automation Standard, <http:\/\/isa99.isa.org\/Documents\/Drafts\/ISA-62443-1-1-PUB-A4.pdf>"},{"issue":"9","key":"ijcwt.2014040101-16","doi-asserted-by":"crossref","first-page":"1521","DOI":"10.1016\/j.ijepes.2009.03.004","article-title":"Proposal strategies of key management for data encryption in SCADA network of electric power systems","volume":"33","author":"D.Kang","year":"2011","journal-title":"International Journal of Electrical Power & Energy Systems"},{"key":"ijcwt.2014040101-17","author":"R. L.Krutz","year":"2006","journal-title":"Securing SCADA Systems"},{"key":"ijcwt.2014040101-18","first-page":"3033","article-title":"Improving one-class SVM for anomaly detection","author":"K.Li","year":"2003","journal-title":"Proceedings of the Second International Conference on Machine Learning and Cybernetics"},{"key":"ijcwt.2014040101-19","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2003.1223670"},{"key":"ijcwt.2014040101-20","unstructured":"Modbus Organization. 2012, \u2018Modbus application protocol specification V1.1b\u2019 viewed Sept. 
20, 2014 <http:\/\/www.modbus.org\/docs\/Modbus_Application_Protocol_V1_1b.pdf>"},{"key":"ijcwt.2014040101-21","unstructured":"OASIS. \u2018Advanced Message Queuing Protocol (AMQP), version 1.0\u2019, viewed Sept. 12, 2014, <https:\/\/www.oasis-open.org\/committees\/tc_home.php?wg_abbrev=amqp>"},{"key":"ijcwt.2014040101-22","unstructured":"Organization, P. I. (1999), \u2018PROFIBUS & PROFINET International (PI)\u2019, viewed Sept. 10, 2014 <www.profibus.com>."},{"key":"ijcwt.2014040101-23","unstructured":"OSSEC. \u2018Open Source SECurity, Trend Micro\u2019, viewed Sept. 10, 2014 <http:\/\/www.ossec.net>"},{"key":"ijcwt.2014040101-24","doi-asserted-by":"publisher","DOI":"10.1162\/089976601750264965"},{"key":"ijcwt.2014040101-25","unstructured":"SEINIT. \u2018SEINIT - the Security Experts Initiative\u2019, viewed Sept. 10, 2014 <http:\/\/www.isoc.org\/seinit\/portal >"},{"key":"ijcwt.2014040101-26","first-page":"264","article-title":"On the use of Honeypots for detecting cyber attacks on Industrial Control Networks","author":"P.Sim\u00f5es","year":"2013","journal-title":"Proceedings of 12th European Conference on Information Warfare and Security"},{"key":"ijcwt.2014040101-27","author":"L.Spitzner","year":"2002","journal-title":"Honeypots: Tracking hackers"},{"key":"ijcwt.2014040101-28","unstructured":"Triangle MicroWorks, Inc. 2002, \u2018DNP3 Overview\u2019, viewed Sept. 
3, 2014, < http:\/\/trianglemicroworks.com\/docs\/default-source\/referenced-documents\/DNP3_Overview.pdf>"},{"key":"ijcwt.2014040101-29","first-page":"358","article-title":"Anomaly intrusion detection using one class SVM","author":"Y.Wang","year":"2004","journal-title":"5th Annual IEEE Information Assurance Workshop"},{"key":"ijcwt.2014040101-30","doi-asserted-by":"publisher","DOI":"10.1109\/iThings\/CPSCom.2011.34"}],"container-title":["International Journal of Cyber Warfare and Terrorism"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=123509","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,8,5]],"date-time":"2023-08-05T17:36:16Z","timestamp":1691256976000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/ijcwt.2014040101"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2014,4,1]]},"references-count":31,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2014,4]]}},"URL":"https:\/\/doi.org\/10.4018\/ijcwt.2014040101","relation":{},"ISSN":["1947-3435","1947-3443"],"issn-type":[{"value":"1947-3435","type":"print"},{"value":"1947-3443","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,4,1]]}}}