Cyber-Security Dashboard: An Extensible Intrusion Detection System for Distributed Control Systems

Aidan Jones, San Jose State University
Ankita Jaswal, San Jose State University
Arpitha Srinivas, San Jose State University
Regenel Anastacio, San Jose State University
Mahima Agumbe Suresh, San Jose State University

Abstract

Modern reliance on computer networks and networked devices introduces many avenues for cyber attacks. Faster intrusion detection enables faster responses, which minimizes successful attacks. However, current intrusion detection systems (IDSs) primarily focus on detecting attacks on a single system, which limits their scalability to distributed systems. In addition, traditional IDSs often neglect consistent validation measures. This leads to discrepancies in effectiveness: an IDS may perform well in theory but fail to detect certain attacks in real-world applications. This paper identifies the strengths and weaknesses of various research and state-of-the-art IDS solutions and proposes an extensible IDS (eIDS). The new system addresses current drawbacks by adding scalability and modularity to a traditional IDS. eIDS provides scalability through remote agents that allow end users to secure multiple network-connected devices from a single server. eIDS provides modularity by separating the different features of an IDS and allowing end users to modify them through a standardized application programming interface (API). End users can develop their own modules of four types: input parsing, processing, data analysis, and action. Input parsing modules accept different data inputs. Processing modules perform arbitrary manipulation of data such as feature extraction, feature selection, and data conversion. Data analysis modules give end users the flexibility to change the underlying machine learning (ML) IDS algorithms, either from a pre-selected list or by providing their own. Lastly, action modules let users customize what remote agents will do. Combining all these additional features provides a robust IDS that is extensible to various distributed control systems.
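The following is an added illustration of the four module types and the standardized API the abstract describes. It is example code written for this page, not eIDS's own implementation: the class names, the `key=value` agent report format, the bytes-per-packet feature, the z-score analyzer and the sample agent reports are all assumptions, chosen to show how the input, processing, analysis and action slots can be swapped independently.

```python
# Added example: a toy plug-in pipeline modelled on the four module types in the
# abstract (input parsing, processing, data analysis, action). Not eIDS code;
# every name, format and sample value below is an assumption for illustration.
from abc import ABC, abstractmethod
from statistics import mean, pstdev
from typing import Any, Dict, List, Optional, Tuple

Event = Dict[str, Any]


class Module(ABC):
    """Base for all plug-in modules; `kind` names the pipeline slot a module fills."""
    kind = ""


class InputParser(Module):
    kind = "input"

    @abstractmethod
    def parse(self, raw: str) -> Event: ...


class Processor(Module):
    kind = "process"

    @abstractmethod
    def process(self, event: Event) -> Event: ...


class Analyzer(Module):
    kind = "analyze"

    @abstractmethod
    def detect(self, events: List[Event]) -> List[Tuple[int, float]]:
        """Return (index, score) for each event judged anomalous."""


class Action(Module):
    kind = "action"

    @abstractmethod
    def act(self, event: Event, score: float) -> Dict[str, Any]: ...


class KeyValueParser(InputParser):
    """Input parsing: turns a constructed 'key=value key=value' agent report into a dict."""

    def parse(self, raw: str) -> Event:
        event: Event = {}
        for token in raw.split():
            key, _, value = token.partition("=")
            event[key] = int(value) if value.isdigit() else value
        return event


class BytesPerPacket(Processor):
    """Processing: feature extraction, a ratio derived from two raw counters."""

    def process(self, event: Event) -> Event:
        event["bytes_per_packet"] = event.get("bytes", 0) / max(event.get("packets", 1), 1)
        return event


class ZScoreAnalyzer(Analyzer):
    """Data analysis: flag events more than `threshold` std devs from the batch mean."""

    # With only n samples the largest possible z-score is sqrt(n-1), so a small
    # batch (5 reports below) needs a threshold well under 2.0.
    def __init__(self, feature: str = "bytes_per_packet", threshold: float = 1.5):
        self.feature, self.threshold = feature, threshold

    def detect(self, events: List[Event]) -> List[Tuple[int, float]]:
        values = [e[self.feature] for e in events]
        mu, sigma = mean(values), pstdev(values)
        if sigma == 0:  # identical values: nothing stands out
            return []
        scores = [abs(v - mu) / sigma for v in values]
        return [(i, s) for i, s in enumerate(scores) if s > self.threshold]


class AlertAction(Action):
    """Action: what the remote agent is told to do; here just an alert record."""

    def act(self, event: Event, score: float) -> Dict[str, Any]:
        return {"agent": event["agent"], "src": event["src"],
                "score": round(score, 2), "action": "alert"}


class Pipeline:
    """One input parser, one analyzer, and ordered lists of processors and actions."""

    def __init__(self) -> None:
        self.slots: Dict[str, Any] = {"input": None, "process": [], "analyze": None, "action": []}

    def register(self, module: Module) -> "Pipeline":
        if module.kind not in self.slots:
            raise ValueError(f"unknown module kind: {module.kind!r}")
        if isinstance(self.slots[module.kind], list):
            self.slots[module.kind].append(module)
        else:
            self.slots[module.kind] = module
        return self

    def run(self, raw_lines: List[str]) -> List[Dict[str, Any]]:
        if self.slots["input"] is None or self.slots["analyze"] is None:
            raise ValueError("pipeline needs an input parser and an analyzer")
        events = [self.slots["input"].parse(line) for line in raw_lines]
        for proc in self.slots["process"]:
            events = [proc.process(e) for e in events]
        results = []
        for index, score in self.slots["analyze"].detect(events):
            for action in self.slots["action"]:
                results.append(action.act(events[index], score))
        return results


# Constructed sample reports from three hypothetical remote agents; the last
# report carries an unusually large payload per packet.
SAMPLE_REPORTS = [
    "agent=plc-01 src=10.0.0.5 bytes=600 packets=10",
    "agent=plc-02 src=10.0.0.6 bytes=640 packets=10",
    "agent=plc-01 src=10.0.0.5 bytes=620 packets=10",
    "agent=plc-03 src=10.0.0.7 bytes=580 packets=10",
    "agent=plc-02 src=10.0.0.6 bytes=14000 packets=10",
]


def run_demo(analyzer: Optional[Analyzer] = None) -> List[Dict[str, Any]]:
    """Assemble the pipeline and run it over the sample batch; the analyzer is swappable."""
    pipeline = (Pipeline().register(KeyValueParser()).register(BytesPerPacket())
                .register(analyzer or ZScoreAnalyzer()).register(AlertAction()))
    return pipeline.run(SAMPLE_REPORTS)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Each slot is filled through the same `register` call, so replacing the z-score analyzer with a different detector, or adding a second action, changes one line of the assembly and none of the other modules; that separation is the property the abstract attributes to the standardized API.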