Skip to Main content Skip to Navigation
Theses

Risk monitoring with intrusion detection for industrial control systems

Steve Muller 1, 2
2 OCIF - Objets communicants pour l'Internet du futur
IMT Atlantique - IMT Atlantique Bretagne-Pays de la Loire, IRISA-D2 - RÉSEAUX, TÉLÉCOMMUNICATION ET SERVICES
Abstract : Cyber-attacks on critical infrastructure such as electricity, gas, and water distribution, or power plants, are more and more considered to be a relevant and realistic threat to the European society. Whereas mature solutions like anti-malwareapplications, intrusion detection systems (IDS) and even intrusion prevention or self-healing systems have been designed for classic computer systems, these techniques have only been partially adapted to the world of Industrial ControlSystems (ICS). As a consequence, organisations and nations fall back upon risk management to understand the risks that they are facing. Today's trend is to combine risk management with real-time monitoring to enable prompt reactions in case of attacks. This thesis aims at providing techniques that assist security managers in migrating from a static risk analysis to areal-time and dynamic risk monitoring platform. Risk monitoring encompasses three steps, each being addressed in detail in this thesis: the collection of risk-related information, the reporting of security events, and finally the inclusion of this real time information into a risk analysis. The first step consists in designing agents that detect incidents in the system. In this thesis, an intrusion detection system is developed to this end, which focuses on an advanced persistent threat (APT) that particularly targets critical infrastructures. The second step copes with the translation of the obtained technical information in more abstract notions of risk, which can then be used in the context of a risk analysis. In the final step, the information collected from the various sources is correlated so as to obtain the risk faced by the entire system. Since industrial environments are characterised by many interdependencies, a dependency model is elaborated which takes dependencies into account when the risk is estimated.
Document type :
Theses
Complete list of metadatas

Cited literature [209 references]  Display  Hide  Download

https://tel.archives-ouvertes.fr/tel-02007847
Contributor : Abes Star :  Contact
Submitted on : Tuesday, February 5, 2019 - 2:15:32 PM
Last modification on : Wednesday, August 5, 2020 - 3:43:11 AM
Long-term archiving on: : Monday, May 6, 2019 - 3:28:51 PM

File

2018IMTA0082_Muller-Steve.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-02007847, version 1

Citation

Steve Muller. Risk monitoring with intrusion detection for industrial control systems. Cryptography and Security [cs.CR]. Ecole nationale supérieure Mines-Télécom Atlantique, 2018. English. ⟨NNT : 2018IMTA0082⟩. ⟨tel-02007847⟩

Share

Metrics

Record views

331

Files downloads

806