% % This file was created by the TYPO3 extension % bib % --- Timezone: UTC % Creation date: 2024-10-06 % Creation time: 16-16-37 % --- Number of references % 6 % @Article { 2023_lamberts_metrics-sok, title = {SoK: Evaluations in Industrial Intrusion Detection Research}, journal = {Journal of Systems Research}, year = {2023}, month = {10}, day = {31}, volume = {3}, number = {1}, abstract = {Industrial systems are increasingly threatened by cyberattacks with potentially disastrous consequences. To counter such attacks, industrial intrusion detection systems strive to timely uncover even the most sophisticated breaches. Due to its criticality for society, this fast-growing field attracts researchers from diverse backgrounds, resulting in 130 new detection approaches in 2021 alone. This huge momentum facilitates the exploration of diverse promising paths but likewise risks fragmenting the research landscape and burying promising progress. Consequently, it needs sound and comprehensible evaluations to mitigate this risk and catalyze efforts into sustainable scientific progress with real-world applicability. In this paper, we therefore systematically analyze the evaluation methodologies of this field to understand the current state of industrial intrusion detection research. Our analysis of 609 publications shows that the rapid growth of this research field has positive and negative consequences. While we observe an increased use of public datasets, publications still only evaluate 1.3 datasets on average, and frequently used benchmarking metrics are ambiguous. At the same time, the adoption of newly developed benchmarking metrics sees little advancement. Finally, our systematic analysis enables us to provide actionable recommendations for all actors involved and thus bring the entire research field forward.}, tags = {internet-of-production, rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-lamberts-metrics-sok.pdf}, publisher = {eScholarship Publishing}, ISSN = {2770-5501}, DOI = {10.5070/SR33162445}, reviewed = {1}, author = {Lamberts, Olav and Wolsing, Konrad and Wagner, Eric and Pennekamp, Jan and Bauer, Jan and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2023-wagner-lcn-repel, title = {Retrofitting Integrity Protection into Unused Header Fields of Legacy Industrial Protocols}, year = {2023}, month = {10}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-wagner-repel.pdf}, publisher = {IEEE}, booktitle = {48th IEEE Conference on Local Computer Networks (LCN), Daytona Beach, Florida, US}, event_place = {Daytona Beach, Florida, US}, event_name = {IEEE Conference on Local Computer Networks (LCN)}, event_date = {Oktober 1-5, 2023}, state = {accepted}, language = {en}, reviewed = {1}, author = {Wagner, Eric and Rothaug, Nils and Wolsing, Konrad and Bader, Lennart and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2023-bader-metrics, title = {METRICS: A Methodology for Evaluating and Testing the Resilience of Industrial Control Systems to Cyberattacks}, year = {2023}, month = {9}, day = {28}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-bader-metrics.pdf}, booktitle = {Proceedings of the 9th Workshop on the Security of Industrial Control Systems \& of Cyber-Physical Systems (CyberICPS '23), co-located with the the 28th European Symposium on Research in Computer Security (ESORICS '23)}, event_place = {The Hague, The Netherlands}, event_name = {9th Workshop on the Security of Industrial Control Systems \& of Cyber-Physical Systems (CyberICPS '23)}, event_date = {September 28, 2023}, state = {accepted}, DOI = {10.1007/978-3-031-54204-6_2}, reviewed = {1}, author = {Bader, Lennart and Wagner, Eric and Henze, Martin and Serror, Martin} } @Inproceedings { 2023_wolsing_ensemble, title = {One IDS is not Enough! Exploring Ensemble Learning for Industrial Intrusion Detection}, year = {2023}, month = {9}, day = {25}, volume = {14345}, pages = {102-122}, abstract = {Industrial Intrusion Detection Systems (IIDSs) play a critical role in safeguarding Industrial Control Systems (ICSs) against targeted cyberattacks. Unsupervised anomaly detectors, capable of learning the expected behavior of physical processes, have proven effective in detecting even novel cyberattacks. While offering decent attack detection, these systems, however, still suffer from too many False-Positive Alarms (FPAs) that operators need to investigate, eventually leading to alarm fatigue. To address this issue, in this paper, we challenge the notion of relying on a single IIDS and explore the benefits of combining multiple IIDSs. To this end, we examine the concept of ensemble learning, where a collection of classifiers (IIDSs in our case) are combined to optimize attack detection and reduce FPAs. While training ensembles for supervised classifiers is relatively straightforward, retaining the unsupervised nature of IIDSs proves challenging. In that regard, novel time-aware ensemble methods that incorporate temporal correlations between alerts and transfer-learning to best utilize the scarce training data constitute viable solutions. By combining diverse IIDSs, the detection performance can be improved beyond the individual approaches with close to no FPAs, resulting in a promising path for strengthening ICS cybersecurity.}, note = {Lecture Notes in Computer Science (LNCS), Volume 14345}, keywords = {Intrusion Detection; Ensemble Learning; ICS}, tags = {internet-of-production, rfc}, url = {https://jpennekamp.de/wp-content/papercite-data/pdf/wkw+23.pdf}, publisher = {Springer}, booktitle = {Proceedings of the 28th European Symposium on Research in Computer Security (ESORICS '23), September 25-29, 2023, The Hague, The Netherlands}, event_place = {The Hague, The Netherlands}, event_name = {28th European Symposium on Research in Computer Security (ESORICS '23)}, event_date = {September 25-29, 2023}, ISBN = {978-3-031-51475-3}, ISSN = {0302-9743}, DOI = {10.1007/978-3-031-51476-0_6}, reviewed = {1}, author = {Wolsing, Konrad and Kus, Dominik and Wagner, Eric and Pennekamp, Jan and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2023_pennekamp_benchmarking_comparison, title = {Designing Secure and Privacy-Preserving Information Systems for Industry Benchmarking}, year = {2023}, month = {6}, day = {15}, volume = {13901}, pages = {489-505}, abstract = {Benchmarking is an essential tool for industrial organizations to identify potentials that allows them to improve their competitive position through operational and strategic means. However, the handling of sensitive information, in terms of (i) internal company data and (ii) the underlying algorithm to compute the benchmark, demands strict (technical) confidentiality guarantees—an aspect that existing approaches fail to address adequately. Still, advances in private computing provide us with building blocks to reliably secure even complex computations and their inputs, as present in industry benchmarks. In this paper, we thus compare two promising and fundamentally different concepts (hardware- and software-based) to realize privacy-preserving benchmarks. Thereby, we provide detailed insights into the concept-specific benefits. Our evaluation of two real-world use cases from different industries underlines that realizing and deploying secure information systems for industry benchmarking is possible with today's building blocks from private computing.}, note = {Lecture Notes in Computer Science (LNCS), Volume 13901}, keywords = {real-world computing; trusted execution environments; homomorphic encryption; key performance indicators; benchmarking}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-industry-benchmarking.pdf}, publisher = {Springer}, booktitle = {Proceedings of the 35th International Conference on Advanced Information Systems Engineering (CAiSE '23), June 12-16, 2023, Zaragoza, Spain}, event_place = {Zaragoza, Spain}, event_name = {35th International Conference on Advanced Information Systems Engineering (CAiSE '23)}, event_date = {June 12-16, 2023}, ISBN = {978-3-031-34559-3}, ISSN = {0302-9743}, DOI = {10.1007/978-3-031-34560-9_29}, reviewed = {1}, author = {Pennekamp, Jan and Lohm{\"o}ller, Johannes and Vlad, Eduard and Loos, Joscha and Rodemann, Niklas and Sapel, Patrick and Fink, Ina Berenice and Schmitz, Seth and Hopmann, Christian and Jarke, Matthias and Schuh, G{\"u}nther and Wehrle, Klaus and Henze, Martin} } @Incollection { 2023_pennekamp_crd-a.i, title = {Evolving the Digital Industrial Infrastructure for Production: Steps Taken and the Road Ahead}, year = {2023}, month = {2}, day = {8}, pages = {35-60}, abstract = {The Internet of Production (IoP) leverages concepts such as digital shadows, data lakes, and a World Wide Lab (WWL) to advance today’s production. Consequently, it requires a technical infrastructure that can support the agile deployment of these concepts and corresponding high-level applications, which, e.g., demand the processing of massive data in motion and at rest. As such, key research aspects are the support for low-latency control loops, concepts on scalable data stream processing, deployable information security, and semantically rich and efficient long-term storage. In particular, such an infrastructure cannot continue to be limited to machines and sensors, but additionally needs to encompass networked environments: production cells, edge computing, and location-independent cloud infrastructures. Finally, in light of the envisioned WWL, i.e., the interconnection of production sites, the technical infrastructure must be advanced to support secure and privacy-preserving industrial collaboration. To evolve today’s production sites and lay the infrastructural foundation for the IoP, we identify five broad streams of research: (1) adapting data and stream processing to heterogeneous data from distributed sources, (2) ensuring data interoperability between systems and production sites, (3) exchanging and sharing data with different stakeholders, (4) network security approaches addressing the risks of increasing interconnectivity, and (5) security architectures to enable secure and privacy-preserving industrial collaboration. With our research, we evolve the underlying infrastructure from isolated, sparsely networked production sites toward an architecture that supports high-level applications and sophisticated digital shadows while facilitating the transition toward a WWL.}, keywords = {Cyber-physical production systems; Data streams; Industrial data processing; Industrial network security; Industrial data security; Secure industrial collaboration}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-iop-a.i.pdf}, publisher = {Springer}, series = {Interdisciplinary Excellence Accelerator Series}, booktitle = {Internet of Production: Fundamentals, Applications and Proceedings}, ISBN = {978-3-031-44496-8}, DOI = {10.1007/978-3-031-44497-5_2}, reviewed = {1}, author = {Pennekamp, Jan and Belova, Anastasiia and Bergs, Thomas and Bodenbenner, Matthias and B{\"u}hrig-Polaczek, Andreas and Dahlmanns, Markus and Kunze, Ike and Kr{\"o}ger, Moritz and Geisler, Sandra and Henze, Martin and L{\"u}tticke, Daniel and Montavon, Benjamin and Niemietz, Philipp and Ortjohann, Lucia and Rudack, Maximilian and Schmitt, Robert H. and Vroomen, Uwe and Wehrle, Klaus and Zeng, Michael} }