Detecting intrusions in encrypted control traffic

  title={Detecting intrusions in encrypted control traffic},
  author={Maarten Hoeve},
Because of a lack of attack signatures and different forms of attacks, signature-based network intrusion detection systems currently provide insufficient protection for industrial control traffic. A combination of two anomaly detection approaches found in the literature, one based on network flows and the other on protocol-specific deep-packet inspection, seems to be able to detect many expected threats. Deep-packet inspection cannot be used, however, when payloads cannot be read because they…