Process-Aware Model-based Intrusion Detection System on Filtering Approach: Further Investigations
Abstract
Against new cyber-threats targeting Industrial Control Systems (ICSs), Intrusion Detection Systems (IDSs) have emerged as viable solutions that implement signature-based or behavioural approaches. The Security Approach based on Filter Execution (S.A.F.E.), a process-aware model-based IDS, deploys detection mechanisms by implementing command and report filters close to the process under control. Building on the S.A.F.E. approach, this paper proposes improvements and novel contributions: a model of the report filter, optimization algorithms that speed up the computation of the detection indicators, and an implementation on a real testbed.