How to Detect Attacks and Supervise Rail Systems?


1 How to Detect Attacks and Supervise Rail Systems?
CYRAIL Final Conference, Paris
Taha Abdelmoutaleb Cherfia, fortiss

2 Assessment of Existing IDS Solutions
Identifying and analyzing the current open source and commercial intrusion detection solutions for IT and OT systems.

3 Intrusion Detection
Intrusion detection is the process of monitoring the events occurring in a computer system or network and analysing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices.
Diagram: the three stages of intrusion detection are Collection, Analysis and Response.

4 Intrusion Detection System
An intrusion detection system (IDS) is hardware or software that automates the intrusion detection process.

5 IDS Characteristics
An intrusion detection system has to fulfil the following requirements:
Accuracy: the IDS must detect malicious activities and distinguish them from legitimate ones.
Performance: the IDS must be able to perform real-time intrusion detection.
Completeness: the IDS should not fail to detect an intrusion.
Fault tolerance: the IDS must itself be resistant and robust against malicious attacks.
Scalability: the IDS must be able to monitor the worst-case number of events in a large network topology.

6 IDS Taxonomy
Host-based Intrusion Detection System (HIDS): a HIDS is a software application that resides on a single host and monitors the events occurring within that host for malicious activities.
Network-based Intrusion Detection System (NIDS): a NIDS is a standalone hardware device that monitors network traffic for particular network segments or devices to identify malicious activities.

7 Intrusion Detection Methodologies
Signature-based intrusion detection is the process of comparing signatures against observed events to identify possible incidents.
Anomaly-based intrusion detection is the process of comparing definitions of what activity is considered normal against observed events to identify significant deviations.
Diagrams: in signature-based detection the audit data is checked against a knowledge base of attack signatures (Match?); in anomaly-based detection the audit data is checked against a knowledge base of normal behaviour (Statistically anomalous?).
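The two methodologies contrasted on this slide, as an added example that is not part of the CYRAIL deck: a signature check of each audit record against a small knowledge base of known-bad patterns, beside a statistical anomaly check of per-source event rates against a baseline of normal activity. The audit records, the key=value line format, the 10.1.0.0/24 engineering subnet and the detection rule are all constructed for the example.

```python
import re
import statistics
from collections import Counter

# Constructed audit records (not real captures); assumed key=value line format.
AUDIT_DATA = [
    "ts=1 src=10.1.0.5 dst=10.1.0.20 proto=modbus fc=3",
    "ts=2 src=10.1.0.5 dst=10.1.0.20 proto=modbus fc=3",
    "ts=3 src=10.1.0.7 dst=10.1.0.20 proto=modbus fc=3",
    "ts=4 src=192.168.9.9 dst=10.1.0.20 proto=modbus fc=6",  # one write from outside the OT subnet
    "ts=5 src=10.1.0.5 dst=10.1.0.20 proto=modbus fc=3",
]
# Same window plus a burst of 40 normal-looking reads from a single host (constructed).
BURST_WINDOW = AUDIT_DATA + [
    f"ts={10 + i} src=10.1.0.9 dst=10.1.0.20 proto=modbus fc=3" for i in range(40)
]
# Constructed baseline: per-source events per window observed during normal operation.
NORMAL_BASELINE = [2, 3, 2, 3, 2, 3, 2, 3]

# Signature knowledge base (hypothetical rule): a Modbus write function code
# (5, 6, 15, 16) whose source lies outside the engineering subnet 10.1.0.0/24.
SIGNATURES = {
    "modbus-write-from-foreign-subnet": re.compile(
        r"src=(?!10\.1\.0\.)\S+ .*proto=modbus fc=(5|6|15|16)\b"
    ),
}


def signature_detect(events, signatures=SIGNATURES):
    """Signature-based: each event is compared against the knowledge base;
    every match is reported as (event, signature name)."""
    return [(ev, name) for ev in events for name, pat in signatures.items() if pat.search(ev)]


def anomaly_detect(events, baseline, z_threshold=3.0):
    """Anomaly-based: each source's event count in this window is compared with
    the baseline of normal counts; sources more than z_threshold standard
    deviations above the baseline mean are reported with their z-score."""
    mean = statistics.mean(baseline)
    stdev = statistics.pstdev(baseline) or 1.0  # guard against a perfectly flat baseline
    counts = Counter(re.search(r"src=(\S+)", ev).group(1) for ev in events)
    return {src: round((n - mean) / stdev, 2)
            for src, n in counts.items() if (n - mean) / stdev > z_threshold}


if __name__ == "__main__":
    print(signature_detect(BURST_WINDOW))                 # the foreign write: a known pattern
    print(anomaly_detect(BURST_WINDOW, NORMAL_BASELINE))  # the burst: {'10.1.0.9': 75.0}
```

Run on the burst window, the signature check reports only the foreign write and the anomaly check reports only the bursting host, which is the complementary coverage the two methodologies give and the reason hybrid solutions appear later in the assessment.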

8 Technical Assessment
Exhaustive study on current intrusion detection solutions to assess their applicability to railways.
Solution categories covered: HIDS, NIDS, hybrid IDS, UTM, firewalls.
CyRail – Internal Review © fortiss GmbH, March 08, 2018

9 Technical Assessment
26 open-source and commercial intrusion detection solutions:
8 open-source and commercial IT solutions
5 commercial IT + OT solutions
13 industrial-focused solutions

10 Assessment Criteria
Solution, Country, Type, Detection Mode, Protocol, Asset Discovery, Response Capacity, Integration Capacity, Maturity

11 Railways IDS Solutions
Cylus (Israel): Type: Industrial; Detection Mode: Anomaly; Protocol: Unknown; Asset Discovery: Unknown; Response: Yes; Integration: Unknown; Maturity: Weak
RadiFlow (Israel): Type: Industrial; Detection Mode: Hybrid; Protocol: DPI / OT; Asset Discovery: Yes; Response: Yes; Integration: SIEM; Maturity: Good
RazorSecure (United Kingdom): Type: Industrial; Detection Mode: Anomaly; Protocol: N/A; Asset Discovery: N/A; Response: Yes; Integration: SIEM; Maturity: Weak
Sentryo (France): Type: Industrial; Detection Mode: Anomaly; Protocol: DPI / OT; Asset Discovery: Yes; Response: Unknown; Integration: SIEM; Maturity: Medium

12 Deployment of Intrusion Detection Solutions
Proposing a flexible deployment scheme of the intrusion detection solutions on the different zones of CyRail’s operational scenario.

13 NIDS Solutions (1 = NIDS for CI)
NIDS monitoring internet networks for critical infrastructures. They are designed by cyber security experts and implement attack detection rules (attack patterns and behaviour). They have to be deployed in a way that lets them analyse the inbound/outbound internet network traffic. E.g. GateWatcher and KeelbackNet.
Footnote 1: Network-based Intrusion Detection System.

14 Industrial NIDS Solutions (2 = Industrial NIDS)
Specialised in industrial protocols, based on operational knowledge of the processes and communications. They are mostly designed to detect anomalies. E.g. Claroty, Cyberbit, CyberX, Cylus, Cypres, ICS², Indegy, NexDefense, Nozomi, Radiflow, SecurityMatters and Sentryo.
Footnote 2: Network-based Intrusion Detection System.

15 HIDS Solutions (3 = HIDS)
E.g. RazorSecure.
Footnote 3: Host-based Intrusion Detection System.

16 FW/IPS Solutions (4 = FW/IPS)
Located at the border of a zone. E.g. Stormshield.
Footnote 4: Firewall / Intrusion Prevention System.

17 IT NIDS Solutions (5 = IT NIDS)
IT-extended IDS: they fit IT network monitoring, due to their origin. Their capability to address industrial networks is more limited than that of industrial NIDS. E.g. Checkpoint, TippingPoint, Cisco IPS, Fortinet, Forcepoint, Leidos and Juniper.
Footnote 5: Intrusion Detection System.

18 Deployment of Intrusion Detection Solutions
Deployment diagram legend: 1 = NIDS for CI; 2 = Industrial NIDS; 3 = HIDS; 4 = FW/IPS; 5 = IT NIDS. (The placement of the numbered solutions across the CyRail zones is shown only graphically on the slide.)

19 Facts and Figures
Europe has a strong representation of industrial IDS companies. Most industrial IDS vendors are recent SMEs. Fast-growing market, but not mature enough yet.
