Whitelisting for Critical IT-Based Infrastructure

YoungHwa JANG  InCheol SHIN  Byung-gil MIN  Jungtaek SEO  MyungKeun YOON  

Publication
IEICE TRANSACTIONS on Communications   Vol.E96-B   No.4   pp.1070-1074
Publication Date: 2013/04/01
Online ISSN: 1745-1345
DOI: 10.1587/transcom.E96.B.1070
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Network Management/Operation
Keyword: traffic monitoring, network management, SCADA

Summary: 
Critical infrastructures are falsely believed to be safe when they are isolated from the Internet. However, the recent appearance of Stuxnet demonstrated that isolated networks are no longer safe. We observe that a better intrusion detection scheme can be established based on the unique features of critical infrastructures. In this paper, we propose a whitelist-based detection system. Network and application-level whitelists are proposed, which are combined to form a novel cross-layer whitelist. Through experiments, we confirm that the proposed whitelists can exactly detect attack packets, which cannot be achieved by existing schemes.