TU Darmstadt / ULB / TUprints

A Framework for Network Intrusion Detection on Open Platform Communications Unified Architecture

Bortoli, Tomas (2017)
A Framework for Network Intrusion Detection on Open Platform Communications Unified Architecture.
Technische Universität Darmstadt
Master Thesis, Primary publication

A Framework for Network Intrusion Detection on Open Platform Communications Unified Architecture - Text
TUDthesis-2.pdf - Draft Version
Copyright Information: CC BY-SA 4.0 International - Creative Commons, Attribution ShareAlike.

Item Type: Master Thesis
Type of entry: Primary publication
Title: A Framework for Network Intrusion Detection on Open Platform Communications Unified Architecture
Language: English
Referees: Waidner, Prof. Dr. Michael ; Weber, Dr. Frank ; Larbig, Pedro
Date: 21 September 2017
Place of Publication: Darmstadt
Date of oral examination: 21 September 2017
Abstract:

Open Platform Communications Unified Architecture (OPC UA) is a Machine to Machine (M2M) communication standard, first released in 2008 as the evolution of OPC, created for Industrial Control Systems (ICS) and Internet of Things (IoT) programming. It was designed to provide an abstract model on which any information exchange in the form of structured data can be implemented. Industry and state actors use it to control factories and plants, which puts OPC UA dependent software in a critical security position. In December 2015, the German Federal Office for Information Security showed that an official reference implementation of OPC UA contained security flaws in its code that, if exploited, could compromise industrial machinery and other dependent systems [49]. Cyber attacks on ICS can be extremely expensive because of the critical processes they aim to stop. This thesis proposes a Network Intrusion Detection System (NIDS) based solution to monitor malicious attacks on OPC UA. The work develops a plug-in for the dynamic Bro NIDS that adds support for OPC UA based protocols and thereby provides an Application Programming Interface (API) with which Turing complete security policies can be written in the Bro language. Furthermore, policy scripts have been implemented to detect the exploitation of the flaws and standard inconsistencies found in the analysis [49]. In addition, the parser is able to detect malformed packets, which are a source of attacks both in general and among those identified in [49]. The result has been tested and evaluated in terms of efficiency, security and standard coverage. The aim of this project is to suggest an additional tool that Computer Emergency Response Teams (CERTs) might use to investigate attacks and to safeguard OPC UA dependent machines.

URN: urn:nbn:de:tuda-tuprints-68029
Divisions: 18 Department of Electrical Engineering and Information Technology
Date Deposited: 28 Nov 2019 08:40
Last Modified: 09 Jul 2020 01:51
URI: https://tuprints.ulb.tu-darmstadt.de/id/eprint/6802
PPN: 456219250