Industrial systems present security risk factors related to their cyber vulnerabilities. These systems, spread out over the world, continue to be targets of attacks. While industrial systems share common vulnerabilities with Information Technology (IT) systems, they tend to have more constraints due to the interaction between cyber and physical systems. Intrusion detection systems give visibility into the system and are considered to be one of the solutions for detecting targeted attacks. Hence, it seems relevant to rely on a physical model of the cyber-physical system to obtain an intrusion detection system (IDS) for industrial systems. Most IDSs are based on rules that define how potential attacks are detected. These rules are generally used to describe either the normal system behavior or potential attack scenarios. However, manually creating and maintaining rules for a complex cyber-physical system or ICS can prove to be a very tedious and difficult task. This paper proposes a solution to model ICSs and design specific IDSs for ICSs. A model-based IDS rules generator is proposed, which converts a system model into anomaly-based IDS rules. Finally, the effectiveness of the generated rules is evaluated.