ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development, 2016, Vol. 53, Issue 9: 2039-2054. doi: 10.7544/issn1000-1239.2016.20150465


Intrusion Detection Techniques for Industrial Control Systems

Yang An (1,2), Sun Limin (1), Wang Xiaoshan (1,2), Shi Zhiqiang (1)

1 Key Laboratory of IOT Information Security Technology (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093
2 University of Chinese Academy of Sciences, Beijing 100049

Online: 2016-09-01

Abstract: In recent decades, with the introduction of Ethernet and ever closer connections to external networks, an increasingly large number of vulnerabilities have been found in industrial control systems (ICS), exposing their serious security problems. These vulnerabilities are too varied to be eliminated completely; therefore, a defense-in-depth system must be constructed for ICS. In particular, the intrusion detection system (IDS) is one of the most important parts of the defense-in-depth system of ICS. An IDS is able to discover potential intrusions by misuse detection and anomaly detection. In this survey, we analyze the architecture and characteristics of ICS and give a detailed description of the ICS security concept. Then, according to the characteristics of ICS, we put forward clear requirements for an ICS IDS and elaborate their meaning. Moreover, we categorize the existing IDS methods by detection strategy into traffic detection, protocol detection and equipment state detection. In each category, we analyze the detection technique and discuss the detection algorithms. Finally, looking at future work from the perspective of the shortcomings of current solutions and the constraints of ICS applications, we summarize research trends in ICS IDS in terms of performance metrics, detection techniques and detection architecture.
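The three detection strategies the abstract uses to categorize ICS IDS methods (traffic detection, protocol detection and equipment state detection), illustrated as an added Python example; this is not code from the paper or its authors. The Modbus/TCP-style records, the IP addresses, the function-code whitelist, the exposed register range and the physical bounds for register 40 are all constructed, hypothetical values for a toy plant, chosen so that each layer catches an event the other two let through.

```python
"""Toy ICS intrusion detector showing the three strategies the survey distinguishes:
traffic detection, protocol detection and equipment state detection.
Added example with constructed data; not code from the paper."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Msg:
    """One Modbus/TCP-style request, reduced to the fields the checks need (hypothetical format)."""
    src: str                     # master (client) IP
    dst: str                     # slave (PLC) IP
    func: int                    # Modbus function code
    addr: int                    # starting register address
    value: Optional[int] = None  # value written, for write functions


Alert = Tuple[str, str, str]  # (strategy, reason, detail)

# Constructed baseline and policy for a hypothetical plant (assumptions, not from the paper).
ALLOWED_PAIRS = {("10.0.0.10", "10.0.0.50")}   # the one HMI that may talk to the PLC
MAX_MSGS_PER_SRC = 4                            # learned per-window request rate
ALLOWED_FUNCS = {3, 6, 16}    # read holding regs, write single reg, write multiple regs
REGISTER_RANGE = (0, 99)      # registers this PLC actually exposes
STATE_BOUNDS = {40: (0, 120)} # register 40: a pressure setpoint with a physically plausible range
MAX_STEP = 50                 # largest plausible change of a bounded register in one write


def traffic_alerts(msgs: List[Msg]) -> List[Alert]:
    """Traffic detection: who talks to whom, and how much, against a learned baseline."""
    alerts: List[Alert] = []
    for m in msgs:
        if (m.src, m.dst) not in ALLOWED_PAIRS:
            alerts.append(("traffic", "unexpected master/slave pair", f"{m.src}->{m.dst}"))
    for src, n in Counter(m.src for m in msgs).items():
        if n > MAX_MSGS_PER_SRC:
            alerts.append(("traffic", f"{n} requests exceed baseline of {MAX_MSGS_PER_SRC}", src))
    return alerts


def protocol_alerts(msgs: List[Msg]) -> List[Alert]:
    """Protocol detection: check each parsed request against a function/address whitelist."""
    alerts: List[Alert] = []
    lo, hi = REGISTER_RANGE
    for m in msgs:
        if m.func not in ALLOWED_FUNCS:
            alerts.append(("protocol", f"function code {m.func} not whitelisted", f"{m.src}->{m.dst}"))
        if not lo <= m.addr <= hi:
            alerts.append(("protocol", f"register {m.addr} outside {REGISTER_RANGE}", f"func {m.func}"))
    return alerts


def state_alerts(msgs: List[Msg]) -> List[Alert]:
    """Equipment state detection: is the commanded value physically plausible for the process?"""
    alerts: List[Alert] = []
    last: Dict[int, int] = {}  # last value written to each bounded register
    for m in msgs:
        if m.func not in (6, 16) or m.addr not in STATE_BOUNDS or m.value is None:
            continue
        lo, hi = STATE_BOUNDS[m.addr]
        if not lo <= m.value <= hi:
            alerts.append(("state", f"register {m.addr} := {m.value} outside [{lo}, {hi}]", m.src))
        elif m.addr in last and abs(m.value - last[m.addr]) > MAX_STEP:
            alerts.append(("state", f"register {m.addr} jumped {last[m.addr]}->{m.value}", m.src))
        last[m.addr] = m.value
    return alerts


def detect(msgs: List[Msg]) -> List[Alert]:
    """Run all three strategies over one observation window."""
    return traffic_alerts(msgs) + protocol_alerts(msgs) + state_alerts(msgs)


# Constructed observation window (not a real capture).
SAMPLE = [
    Msg("10.0.0.10", "10.0.0.50", 3, 10),        # normal read by the HMI
    Msg("10.0.0.10", "10.0.0.50", 6, 40, 80),    # normal setpoint write
    Msg("10.0.0.99", "10.0.0.50", 3, 10),        # well-formed read from an unknown master
    Msg("10.0.0.10", "10.0.0.50", 8, 0),         # diagnostics function the HMI never uses
    Msg("10.0.0.10", "10.0.0.50", 6, 40, 500),   # legitimate master, implausible setpoint
    Msg("10.0.0.10", "10.0.0.50", 16, 150, 1),   # write to a register the PLC does not expose
    Msg("10.0.0.10", "10.0.0.50", 3, 10),        # pushes the HMI over its rate baseline
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The point of running the layers side by side: the unknown master sends a perfectly valid read, so only the traffic check sees it; the out-of-range setpoint comes from the legitimate HMI over a whitelisted function code, so only the equipment-state check sees it; the unused diagnostics function and the non-existent register are invisible to both of those and are caught by the protocol check.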

Key words: industrial control system (ICS), intrusion detection system (IDS), traffic detection, protocol detection, equipment state detection
