onr:"swepub:oai:DiVA.org:liu-161757"
Search: onr:"swepub:oai:DiVA.org:liu-161757" > Timing Patterns and...
- 1 of 1
- Previous record
- Next record
- To hitlist
Timing Patterns and Correlations in Spontaneous SCADA Traffic for Anomaly Detection
-
- Lin, Chih-Yuan, 1987- (author)
- Linköpings universitet,Programvara och system,Tekniska fakulteten,Real-time Systems Laboratory
-
- Nadjm-Tehrani, Simin, 1958- (author)
- Linköpings universitet,Programvara och system,Tekniska fakulteten,Real-time Systems Laboratory
- (creator_code:org_t)
- USENIX - The Advanced Computing Systems Association, 2019
- 2019
- English.
- In: PROCEEDINGS OF THE 22ND INTERNATIONAL SYMPOSIUM ON RESEARCH IN ATTACKS, INTRUSIONS AND DEFENSES. - : USENIX - The Advanced Computing Systems Association. - 9781939133076 ; , s. 73-88
- Conference paper (peer-reviewed)
Abstract
Subject headings
Close
- Supervisory Control and Data Acquisition (SCADA) systems operate critical infrastructures in our modern society despite their vulnerability to attacks and misuse. There are several anomaly detection systems based on the cycles of polling mechanisms used in SCADA systems, but the feasibility of anomaly detection systems based on non-polling traffic, so called spontaneous events, is not well-studied. This paper presents a novel approach to modeling the timing characteristics of spontaneous events in an IEC-60870-5-104 network and exploits the model for anomaly detection. The system is tested with a dataset from a real power utility with injected timing effects from two attack scenarios. One attack causes timing anomalies due to persistent malfunctioning in the field devices, and the other generates intermittent anomalies caused by malware on the field devices, which is considered as stealthy. The detection accuracy and timing performance are promising for all the experiments with persistent anomalies. With intermittent anomalies, we found that our approach is effective for anomalies in low-volume traffic or attacks lasting over 1 hour.
Subject headings
- NATURVETENSKAP -- Data- och informationsvetenskap -- Datorteknik (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences -- Computer Engineering (hsv//eng)
Keyword
- Anomaly detection
- SCADA systems
- IEC-60870-5-104
- Critical infrastructure
Publication and Content Type
- ref (subject category)
- kon (subject category)
Find in a library
- PROCEEDINGS OF THE 22ND INTERNATIONAL SYMPOSIUM ON RESEARCH IN ATTACKS, INTRUSIO... (Search for host publication in LIBRIS)
To the university's database
- 1 of 1
- Previous record
- Next record
- To hitlist
Find more in SwePub
- By the author/editor
- Lin, Chih-Yuan, ...
- Nadjm-Tehrani, S ...
- About the subject
-
- NATURAL SCIENCES
- NATURAL SCIENCES
- and Computer and Inf ...
- and Computer Enginee ...
- Articles in the publication
- PROCEEDINGS OF T ...
- By the university
- Linköping University
Search outside SwePub
- Extend your search to:
- Google Book Search
- Google Scholar
Kungliga biblioteket hanterar dina personuppgifter i enlighet med EU:s dataskyddsförordning (2018), GDPR. Läs mer om hur det funkar här.
Så här hanterar KB dina uppgifter vid användning av denna tjänst.
- Copyright © LIBRIS - National Library Systems
- LIBRIS.kb.se
