State-based firewall for industrial protocols with critical-state prediction monitor

Traditional cyber-security countermeasures are inadequate for protecting modern Industrial Critical Infrastructures. In this paper we present an innovative filtering technique for industrial protocols based on the state analysis of the system being monitored. Since we focus our attention on the system behavior rather than on modeling the behavior of the possible attackers, this approach enables the detection of previously unknown attacks. Moreover, we introduce the concept of Critical State Prediction, function that is used for anticipating the evolution of the system towards possible critical states. Finally we provide experimental comparative results that confirm the validity of the proposed approach.