Abstract
Industrial intrusion detection promises to protect networked industrial control systems by monitoring them and raising an alarm in case of suspicious behavior. Many monolithic intrusion detection systems are proposed in literature. These detectors are often specialized and, thus, work particularly well on certain types of attacks or monitor different parts of the system, e.g., the network or the physical process. Combining multiple such systems promises to leverage their joint strengths, allowing the detection of a wider range of attacks due to their diverse specializations and reducing false positives. We study this concept’s feasibility with initial results of various methods to combine detectors.
Type
Publication
38th Annual Computer Security Applications Conference (ACSAC '22)
Dominik Kus
Konrad Wolsing, M.Sc.
External Researcher / FKIE
Dr. rer. nat. Jan Pennekamp
Postdoctoral Researcher
Eric Wagner, M.Sc.
External Researcher / FKIE
