TY - JOUR
T1 - Hybrid-Augmented Device Fingerprinting for Intrusion Detection in Industrial Control System Networks
AU - Shen, Chao
AU - Liu, Chang
AU - Tan, Haoliang
AU - Wang, Zhao
AU - Xu, Dezhi
AU - Su, Xiaojie
N1 - Publisher Copyright:
© 2002-2012 IEEE.
PY - 2018/12
Y1 - 2018/12
N2 - An increasing number of wireless intelligent equipment is applied to ICS networks. However, it is virtually impossible to use regular encryption methods and security patches to enhance the security level of legacy equipment in ICS networks due to weak computing and storage capabilities of the equipment. To address these concerns, a hybrid-augmented device fingerprinting approach is developed to enhance traditional intrusion detection mechanisms in the ICS network. Taking the advantage of the simplicity of the program process and stability of hardware configurations, we first measure inter-layer data response processing time, and then analyze network traffic to filter abnormal packets to achieve the intrusion classification and detection in ICS networks. The device fingerprinting-based intrusion classification and detection approach is evaluated using the data collected from a lab-level micro-grid, and forgery attacks and intrusions are launched against the proposed method to investigate its robustness and effectiveness.
AB - An increasing number of wireless intelligent equipment is applied to ICS networks. However, it is virtually impossible to use regular encryption methods and security patches to enhance the security level of legacy equipment in ICS networks due to weak computing and storage capabilities of the equipment. To address these concerns, a hybrid-augmented device fingerprinting approach is developed to enhance traditional intrusion detection mechanisms in the ICS network. Taking the advantage of the simplicity of the program process and stability of hardware configurations, we first measure inter-layer data response processing time, and then analyze network traffic to filter abnormal packets to achieve the intrusion classification and detection in ICS networks. The device fingerprinting-based intrusion classification and detection approach is evaluated using the data collected from a lab-level micro-grid, and forgery attacks and intrusions are launched against the proposed method to investigate its robustness and effectiveness.
UR - http://www.scopus.com/inward/record.url?scp=85059834911&partnerID=8YFLogxK
U2 - 10.1109/MWC.2017.1800132
DO - 10.1109/MWC.2017.1800132
M3 - Article
AN - SCOPUS:85059834911
SN - 1536-1284
VL - 25
SP - 26
EP - 31
JO - IEEE Wireless Communications
JF - IEEE Wireless Communications
IS - 6
M1 - 8600753
ER -