Timing-based Anomaly Detection in SCADA Networks
نویسندگان
چکیده
Supervisory Control and Data Acquisition (SCADA) systems that operate our critical infrastructures are subject to increased cyber attacks. Due to the use of request-response communication in polling, SCADA traffic exhibits stable and predictable communication patterns. This paper provides a timing-based anomaly detection system that uses the statistical attributes of the communication patterns. This system is validated with three datasets, one generated from real devices and two from emulated networks, and is shown to have a False Positive Rate (FPR) under 1.4%. The tests are performed in the context of three different attack scenarios, which involve valid messages so they cannot be detected by whitelisting mechanisms. The detection accuracy and timing performance are adequate for all the attack scenarios in request-response communications. With other interaction patterns (i.e. spontaneous communications), we found instead that 2 out of 3 attacks are detected.
منابع مشابه
A Review of SCADA Anomaly Detection Systems
The security of critical infrastructures is decreasing due to the apparition of new cyber threats against Supervisory Control and Data Acquisition (SCADA) systems. The evolution they have experienced; the use of standard hardware and software components or the increase of interconnected devices in order to reduce costs and improve efficiency, have contributed to this. This work reviews the rese...
متن کاملAnomaly Detection in SCADA Systems A Network Based Approach
Supervisory Control and Data Acquisition (SCADA) networks are commonly deployed to aid the operation of large industrial facilities, such as water treatment and distribution facilities, and electricity and gas providers. Historically, SCADA networks were composed by special-purpose embedded devices communicating through proprietary protocols. However, three main trends can be observed in modern...
متن کاملSafeguarding SCADA Systems with Anomaly Detection
This paper will show how the accuracy and security of SCADA systems can be improved by using anomaly detection to identify bad values caused by attacks and faults. The performance of invariant induction and ngram anomaly-detectors will be compared and this paper will also outline plans for taking this work further by integrating the output from several anomalydetecting techniques using Bayesian...
متن کاملAnomaly-Based Intrusion Detection for SCADA Systems
Most critical infrastructure such as chemical processing plants, electrical generation and distribution networks, and gas distribution is monitored and controlled by Supervisory Control and Data Acquisition Systems (SCADA). These systems have been the focus of increased security and there are concerns that they could be the target of international terrorists. With the constantly growing number ...
متن کاملStealthy Deception Attacks Against SCADA Systems
SCADA protocols for Industrial Control Systems (ICS) are vulnerable to network attacks such as session hijacking. Hence, research focuses on network anomaly detection based on meta–data (message sizes, timing, command sequence), or on the state values of the physical process. In this work we present a class of semantic network-based attacks against SCADA systems that are undetectable by the abo...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2017