Abstract
We present an online monitoring tool for SCADA systems based on the network monitor Bro, which can be used locally at eld stations. The tool generates alerts when suspicious and erroneous commands and sensor readings are detected. It can hence be seen as a local Intrusion Detection System, as well as a safety enhancement. It maintains a model of the local system, which is updated with incoming packets containing sensor readings and commands. Focusing on the protocol IEC-104, a parser was developed and the packet content was directly fed into the system model. Adaptive policies are implemented in Bro, which formulate physical constraints and safety requirements and allow to check whether SCADA trac complies to these rules in real time. A case study with a real IEC-104 trac trace shows the feasibility of our approach.
Original language | English |
---|---|
Title of host publication | 5th International Symposium for ICS&SCADA Cyber Security Research (ICS-CSR 2018) |
Place of Publication | Hamburg |
Publisher | BCS Learning & Development Ltd. |
Pages | 112-121 |
Number of pages | 10 |
ISBN (Print) | 978-1-78017-454-9 |
Publication status | Published - 30 Aug 2018 |
Event | 5th International Symposium for ICS & SCADA Cyber Security Research , ICS-CSR 2018 - University of Hamburg, Hamburg, Germany Duration: 29 Aug 2018 → 30 Aug 2018 Conference number: 5 http://www.ics-csr.com/ |
Conference
Conference | 5th International Symposium for ICS & SCADA Cyber Security Research , ICS-CSR 2018 |
---|---|
Abbreviated title | ICS-CSR |
Country/Territory | Germany |
City | Hamburg |
Period | 29/08/18 → 30/08/18 |
Internet address |
Keywords
- Intrusion detection system
- Process-aware
- SCADA
- IDS
- Power distribution