Visible to the public Securing connection between IT and OT: the Fog Intrusion Detection System prospective

TitleSecuring connection between IT and OT: the Fog Intrusion Detection System prospective
Publication TypeConference Paper
Year of Publication2019
AuthorsColelli, Riccardo, Panzieri, Stefano, Pascucci, Federica
Conference Name2019 II Workshop on Metrology for Industry 4.0 and IoT (MetroInd4.0 IoT)
Date PublishedJune 2019
ISBN Number978-1-7281-0429-4
Keywordsanomaly based features, anomaly detection, common signature based intrusion detection system, cyberattack, cybersecurity, deep packet inspection, digital signatures, distributed processing, Fog Computing, fog intrusion detection system, ICs, industrial control, industrial control system, industrial control systems, Industrial Informatics, Industrial Internet of Things, industrial IoT devices, information technology network, Internet of Things, Intrusion detection, intrusion detection system, legacy systems, Monitoring, New Implementation Approaches, operational technology network, production engineering computing, proprietary protocols, Protocols, pubcrawl, resilience, Resiliency, SCADA systems, Scalability, security of data, Tools

Industrial Control systems traditionally achieved security by using proprietary protocols to communicate in an isolated environment from the outside. This paradigm is changed with the advent of the Industrial Internet of Things that foresees flexible and interconnected systems. In this contribution, a device acting as a connection between the operational technology network and information technology network is proposed. The device is an intrusion detection system related to legacy systems that is able to collect and reporting data to and from industrial IoT devices. It is based on the common signature based intrusion detection system developed in the information technology domain, however, to cope with the constraints of the operation technology domain, it exploits anomaly based features. Specifically, it is able to analyze the traffic on the network at application layer by mean of deep packet inspection, parsing the information carried by the proprietary protocols. At a later stage, it collect and aggregate data from and to IoT domain. A simple set up is considered to prove the effectiveness of the approach.

Citation Keycolelli_securing_2019