The use of IDS in ICS systems has become a standard solution approach for security. There are many variables in the network models of these systems. Current IDSs; They work rule-based, anomaly-based or both anomaly and rule-based. The solutions to be proposed for the development of such IDSs encountered in ICS systems are extremely important. A rule-based IDS subjects all traffic to a set of rules. An anomaly-based IDS uses machine learning to dynamically create new detection algorithms based on traffic. Both systems can analyze traffic as good or bad. It can play a very important role in protecting a system or network from attacks. Many IDS systems today are AI-based due to technology developed for both network security teams and cybercriminals. But as threats develop dynamically, it becomes increasingly difficult to write a set of rules for these machines to comply with. Many researchers who see this difficulty are developing honeypot methods. When an attack is detected, it redirects that attack to fake areas, monitors the attacker's behavior, and takes action accordingly. Companies are updated with Industry 4.0. In this IDS project we have prepared, the full security of ICS devices and the protection of data integrity will be ensured.
Within the scope of this project, an intrusion detection system (IDS) will be developed to ensure the cyber security of devices used in critical infrastructures. Unlike IDSs used in information systems, this IDS that we will develop; a system that can operate at the highest level of efficiency and that can separate alarms according to their levels will be developed. Detects devices on the network, preserves data integrity in network traffic, generates alarms according to levels; a multi-controlled management that can communicate securely with other IDS via third channel will be provided. In case of a problem in one of the IDS, data transfer will be provided to the other IDS; control of all IDS will be provided with master IDS, and control of Master IDS will be provided with other IDS. Whether all machines are applied to physical attacks with the "access control" method will be ensured by control packets that will be sent from time to time. Initially, our rule-based project will evolve with the addition of artificial intelligence machine learning. Thus, there will be task sharing, both the workload of artificial intelligence will be reduced, and the load of the rule-based IDS will decrease.
As a result of this project, it will be ensured that the security of critical infrastructures, which they prioritize in their cyber security strategies for countries, economic contributions to the country will increase due to its domestic and national, the country's power in the global market will increase with the export of the product, and fast and effective detection of attacks will be ensured.
deneme12321312