Lin, Chih-Yuan, 1987-, Linköpings universitet, Programvara och system, Tekniska fakulteten, Real-time Systems Laboratory
(author)
Timing Patterns and Correlations in Spontaneous SCADA Traffic for Anomaly Detection
- Article/chapter, English, 2019
Publisher, year of publication, extent ...
- USENIX - The Advanced Computing Systems Association, 2019
Identifiers
- LIBRIS-ID: oai:DiVA.org:liu-161757
- URI: https://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-161757
Supplementary language information
- Language: English
- Summary in: English
Included in sub-database
Classification
- Subject category: ref swepub-contenttype
- Subject category: kon swepub-publicationtype
Notes
- Funding Agencies: Swedish Civil Contingencies Agency (MSB) through the RICS project
Supervisory Control and Data Acquisition (SCADA) systems operate critical infrastructures in our modern society despite their vulnerability to attacks and misuse. There are several anomaly detection systems based on the cycles of polling mechanisms used in SCADA systems, but the feasibility of anomaly detection systems based on non-polling traffic, so called spontaneous events, is not well-studied. This paper presents a novel approach to modeling the timing characteristics of spontaneous events in an IEC-60870-5-104 network and exploits the model for anomaly detection. The system is tested with a dataset from a real power utility with injected timing effects from two attack scenarios. One attack causes timing anomalies due to persistent malfunctioning in the field devices, and the other generates intermittent anomalies caused by malware on the field devices, which is considered as stealthy. The detection accuracy and timing performance are promising for all the experiments with persistent anomalies. With intermittent anomalies, we found that our approach is effective for anomalies in low-volume traffic or attacks lasting over 1 hour.
Subject headings and genre terms
Added entries (persons, institutions, conferences, titles ...)
- Nadjm-Tehrani, Simin, 1958-, Linköpings universitet, Programvara och system, Tekniska fakulteten, Real-time Systems Laboratory (Swepub:liu)simna73 (author)
- Linköpings universitet, Programvara och system (creator_code:org_t)
Related titles
- In: PROCEEDINGS OF THE 22ND INTERNATIONAL SYMPOSIUM ON RESEARCH IN ATTACKS, INTRUSIONS AND DEFENSES: USENIX - The Advanced Computing Systems Association, pp. 73-88, ISBN 9781939133076