Detecting intrusions in encrypted control traffic

@inproceedings{Hoeve2013DetectingII,
  title={Detecting intrusions in encrypted control traffic},
  author={Maarten Hoeve},
  booktitle={SEGS@CCS},
  year={2013}
}
Because of a lack of attack signatures and different forms of attacks, signature-based network intrusion detection systems currently provide insufficient protection for industrial control traffic. A combination of two anomaly detection approaches found in the literature, one based on network flows and the other on protocol-specific deep-packet inspection, seems to be able to detect many expected threats. Deep-packet inspection cannot be used, however, when payloads cannot be read because they…