Intrusion Detection Systems (IDS) in ICS: Supervisory Frameworks, Signature Versus Anomaly-Based Detection, and Architectural Design
摘要
In this chapter, we provide a detailed analysis of Intrusion Detection Systems (IDS) in Industrial Control Systems (ICS). The discussion covers types of misuse and anomaly detection, addressing physical, system, and remote intrusions, as well as abuse detection mechanisms. The chapter presents Network-based, Host-based, and Hybrid IDS, highlighting the importance of each IDS type. It also compares IDS with Intrusion Prevention Systems (IPS), delineating their advantages and features. Furthermore, both signature-based and anomaly-based detection techniques are examined, along with their respective strengths and weaknesses. The architecture of IDS and the related methods for risk supervision in ICS environments are also presented. With an understanding of these aspects, readers will be better equipped to defend critical infrastructure using effective Intrusion Detection Systems.