Scribd
Upload
74 views1 page

ICS Purdue Model Architecture. Download Scientific Diagram

The document discusses industrial control system (ICS) testbeds and datasets for security research. It describes the Purdue model architecture for ICS networks which divides the network into enterprise, demilitarized, and control zones. It also mentions several ICS testbeds including a simulation tool based on the Tennessee Eastman process and the SANS Institute's city-scale critical infrastructure testbed. The document stresses that testbeds should allow efficient data collection to produce representative datasets and integrate intrusion detection systems to validate case studies.

Uploaded by

Peshin Kunal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
74 views1 page

ICS Purdue Model Architecture. Download Scientific Diagram

The document discusses industrial control system (ICS) testbeds and datasets for security research. It describes the Purdue model architecture for ICS networks which divides the network into enterprise, demilitarized, and control zones. It also mentions several ICS testbeds including a simulation tool based on the Tennessee Eastman process and the SANS Institute's city-scale critical infrastructure testbed. The document stresses that testbeds should allow efficient data collection to produce representative datasets and integrate intrusion detection systems to validate case studies.

Uploaded by

Peshin Kunal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Recruit researchers Join for free Login

Fig 1 - uploaded by Federico Turrin Download View publication


Content may be subject to copyright.

ICS Purdue Model architecture.

Source publication

+4

A Survey on Industrial Control System Testbeds and Datasets for Security Research

Preprint Full-text available Feb 2021

Mauro Conti · Denis Donadel · Federico Turrin

The increasing digitization and interconnection of legacy Industrial Control Systems (ICSs) open new
vulnerability surfaces, exposing such systems to malicious attackers. Furthermore, since ICSs are often
employed in critical infrastructures (e.g., nuclear plants) and manufacturing companies (e.g., chemical
industries), attacks can lead to devastat...

Cite Download full-text

Contexts in source publication

Context 1

... reference architecture of the ICS is the Purdue Model [21], [26]. As depicted in Figure 1, the Purdue module
divides an ICS network into logical segments with similar functions or similar requirements: 1) Enterprise Zone, or
IT network, includes the traditional IT devices and systems such as the logistic business systems and the
enterprise network. 2) Demilitarized Zone (DMZ) controls the exchange of data between the Control Zone and the
Enterprise Zone, managing the connection between the IT and the OT networks in a secure way; 3) Control Zone,
sometimes also referred to as OT network, includes systems and equipment for monitoring, controlling, and
maintaining the automated operation of the logistic and physical processes. ...

View in full-text

Context 2

... is possible to enforce ICS security by implementing security-by-design network architectures. For instance, it is
possible to use DMZ as specified in the Purdue Model (Figure 1), enforcing network separation and segregation.
Furthermore, boundary protections and firewalls with ICSspecific rules help protect an ICS from external attacks.
...

View in full-text

Context 3

... [115] is a graphical and open-source [116] ICS simulation tool based on the Tennessee Eastman process
(Figure 10). Currently, the testbed is designed for educational purposes and allows only the use of pre-defined
functions. ...

View in full-text

Context 4

... Testbed [65], [171] is a physical representation of an entire city (Figure 11) developed by the SANS Institute to
test security measures on the ICS field. It includes a bank simulation, a hospital, a power plant, a train station, a
water town, and many other available infrastructures. ...

View in full-text

Context 5

... the designing phase of each of the three resources, the designer must consider the final use of such resources
and the other two resources' requirements in future integration. Figure 12 graphically represents the relation
between the three resources. More precisely, a testbed should allow an efficient data collection to produce a well
representative dataset and integrate IDSs to validate the case studies in a real scenario. ...

View in full-text

Context 6

... by Integrates Fig. 12: Relations between Testbed, Dataset, and IDS. and iii) Education, to use the testbed to
educate students, researchers, and stakeholders. Every scope implies different requirements to deal with and
different funding. For instance, if a testbed is specifically designed for IDS development, the authors must consider
developing an attack ...

View in full-text

Context 7

... reference architecture of the ICS is the Purdue Model [21], [26]. As depicted in Figure 1, the Purdue module
divides an ICS network into logical segments with similar functions or similar requirements: 1) Enterprise Zone, or
IT network, includes the traditional IT devices and systems such as the logistic business systems and the
enterprise network. 2) Demilitarized Zone (DMZ) controls the exchange of data between the Control Zone and the
Enterprise Zone, managing the connection between the IT and the OT networks in a secure way; 3) Control Zone,
sometimes also referred to as OT network, includes systems and equipment for monitoring, controlling, and
maintaining the automated operation of the logistic and physical processes. ...

View in full-text

Context 8

... is possible to enforce ICS security by implementing security-by-design network architectures. For instance, it is
possible to use DMZ as specified in the Purdue Model (Figure 1), enforcing network separation and segregation.
Furthermore, boundary protections and firewalls with ICSspecific rules help protect an ICS from external attacks.
...

View in full-text

Context 9

... [115] is a graphical and open-source [116] ICS simulation tool based on the Tennessee Eastman process
(Figure 10). Currently, the testbed is designed for educational purposes and allows only the use of pre-defined
functions. ...

View in full-text

Context 10

... Testbed [65], [171] is a physical representation of an entire city (Figure 11) developed by the SANS Institute to
test security measures on the ICS field. It includes a bank simulation, a hospital, a power plant, a train station, a
water town, and many other available infrastructures. ...

View in full-text

Context 11

... the designing phase of each of the three resources, the designer must consider the final use of such resources
and the other two resources' requirements in future integration. Figure 12 graphically represents the relation
between the three resources. More precisely, a testbed should allow an efficient data collection to produce a well
representative dataset and integrate IDSs to validate the case studies in a real scenario. ...

View in full-text

Context 12

... by Integrates Fig. 12: Relations between Testbed, Dataset, and IDS. and iii) Education, to use the testbed to
educate students, researchers, and stakeholders. Every scope implies different requirements to deal with and
different funding. For instance, if a testbed is specifically designed for IDS development, the authors must consider
developing an attack ...

View in full-text

Join ResearchGate to find the people and research you need to help your work

25+ million members


160+ million publication pages
2.3+ billion citations

Join for free

Company Support

About us Help Center

News

Careers

Business solutions

Advertising

Recruiting

© 2008-2023 ResearchGate GmbH. All rights reserved. Terms · Privacy · Copyright · Imprint

You might also like