1. System-level cyber-attacks are a serious threat
   - they behave like normal operations
   - they include illegal operations by a SCADA operator
2. The proposed whitelisting IDS uses two whitelists
   - state transition whitelist: inspects state transitions
   - traffic data whitelist: inspects traffic data according to the state
3. The proposed IDS has a strong possibility of detecting system-level cyber-attacks by switching the whitelist according to the system state.
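A minimal sketch of the two-whitelist design summarized above, added here as an illustration and not taken from the paper. The state names, hosts, commands and the event sequence are constructed assumptions.

```python
# State transition whitelist: allowed (from_state, to_state) pairs (constructed).
TRANSITIONS = {
    ("normal", "maintenance"), ("maintenance", "normal"),
    ("normal", "emergency"), ("emergency", "normal"),
}

# Traffic data whitelist, switched by system state: allowed (src, dst, command).
TRAFFIC = {
    "normal": {("hmi", "plc1", "read"), ("hmi", "plc1", "write_setpoint")},
    "maintenance": {("hmi", "plc1", "read"), ("eng_ws", "plc1", "download_logic")},
    "emergency": {("hmi", "plc1", "read"), ("hmi", "plc1", "stop")},
}

class WhitelistIDS:
    def __init__(self, initial_state="normal"):
        self.state = initial_state

    def on_state_change(self, new_state):
        """Return an alert string for a non-whitelisted transition, else None."""
        if (self.state, new_state) not in TRANSITIONS:
            # Keep the last valid state so later traffic is still judged against it.
            return f"illegal transition {self.state}->{new_state}"
        self.state = new_state
        return None

    def on_packet(self, src, dst, command):
        """Return an alert if the message is not whitelisted for the current state."""
        if (src, dst, command) not in TRAFFIC[self.state]:
            return f"not whitelisted in {self.state}: {src}->{dst} {command}"
        return None

def run(events, initial_state="normal"):
    """Feed ("state", s) and ("pkt", src, dst, cmd) events; return the alerts."""
    ids, alerts = WhitelistIDS(initial_state), []
    for kind, *args in events:
        alert = ids.on_state_change(*args) if kind == "state" else ids.on_packet(*args)
        if alert:
            alerts.append(alert)
    return alerts

# Constructed event sequence: the same logic download is legitimate in
# maintenance but is flagged while the system is in the normal state.
EVENTS = [
    ("pkt", "hmi", "plc1", "read"),
    ("pkt", "eng_ws", "plc1", "download_logic"),   # alert: wrong state
    ("state", "maintenance"),
    ("pkt", "eng_ws", "plc1", "download_logic"),   # allowed in maintenance
    ("state", "emergency"),                        # alert: illegal transition
    ("pkt", "hmi", "plc1", "stop"),                # alert: still in maintenance
]
```

The sketch keeps the last valid state after an illegal transition; a deployment would have to decide whether to do that or to fail closed.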