Skip to main content
We gratefully acknowledge support from the Simons Foundation, member institutions, and all contributors. Donate
arXiv logo
Cornell University Logo

Computer Science > Cryptography and Security

arXiv:1905.11735 (cs)
[Submitted on 28 May 2019]

Title:A Question of Context: Enhancing Intrusion Detection by Providing Context Information

Authors:Simon Duque Anton, Daniel Fraunholz, Stephan Teuber, Hans Dieter Schotten
View PDF
Abstract:Due to the fourth industrial revolution, and the resulting increase in interconnectivity, industrial networks are more and more opened to publicly available networks. Apart from the huge benefit in manageability and flexibility, the openness also results in a larger attack surface for malicious adversaries. In comparison to office environments, industrial networks have very high volumes of data. In addition to that, every delay will most likely lead to loss of revenue. Hence, intrusion detection systems for industrial applications have different requirements than office-based intrusion detection systems. On the other hand, industrial networks are able to provide a lot of contextual information due to manufacturing execution systems and enterprise resource planning. Additionally, industrial networks tend to be more uniform, making it easier to determine outliers. In this work, an abstract simulation of industrial network behaviour is created. Malicious actions are introduced into a set of sequences of valid behaviour. Finally, a context-based and context-less intrusion detection system is used to find the attacks. The results are compared and commented. It can be seen that context information can help in identifying malicious actions more reliable than intrusion detection with only one source of information, e.g. the network.
Comments: This is a preprint of a work published at the 2017 Internet of Things Business Models, Users, and Networks
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:1905.11735 [cs.CR]
  (or arXiv:1905.11735v1 [cs.CR] for this version)
  https://doi.org/10.48550/arXiv.1905.11735
Related DOI: https://doi.org/10.1109/CTTE.2017.8260938

Submission history

From: Simon D. Duque Anton [view email]
[v1] Tue, 28 May 2019 10:51:00 UTC (420 KB)
Full-text links:

Access Paper:

  • View PDF
  • TeX Source
view license
Current browse context:
cs.CR
< prev   |   next >
new | recent | 2019-05
Change to browse by:
cs

References & Citations

DBLP - CS Bibliography

listing | bibtex
Simon Duque Antón
Daniel Fraunholz
Stephan Teuber
Hans Dieter Schotten
export BibTeX citation

Bookmark

BibSonomy logo Reddit logo

Bibliographic and Citation Tools

Bibliographic Explorer (What is the Explorer?)
Connected Papers (What is Connected Papers?)
Litmaps (What is Litmaps?)
scite Smart Citations (What are Smart Citations?)

Code, Data and Media Associated with this Article

alphaXiv (What is alphaXiv?)
CatalyzeX Code Finder for Papers (What is CatalyzeX?)
DagsHub (What is DagsHub?)
Gotit.pub (What is GotitPub?)
Hugging Face (What is Huggingface?)
ScienceCast (What is ScienceCast?)

Demos

Replicate (What is Replicate?)
Hugging Face Spaces (What is Spaces?)
TXYZ.AI (What is TXYZ.AI?)

Recommenders and Search Tools

Influence Flower (What are Influence Flowers?)
CORE Recommender (What is CORE?)

arXivLabs: experimental projects with community collaborators

arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.

Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.

Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs.

Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)