USENIX Security 2016

Specification Mining for Intrusion Detection in Networked Control Systems

Marco Caselli, Emmanuele Zambon, Johanna Amann, Robin Sommer, Frank Kargl

51 citations

Abstract

Network Intrusion Detection in a Nutshell

8/17/2016 Usenix Security Symposium

• From anomaly-based to specification-based
• Not all infrastructures come with specifications
• Deploying these IDSs requires substantial human effort

Our goal

We aim to ease the deployment of a specification-based IDS by automating the creation of its specification rules