Smart Device Profiling for Smart SCADA

D. Hadziosmanovic; D. Bolzoni; Pieter H. Hartel

Smart Device Profiling for Smart SCADA

D. Hadziosmanovic, D. Bolzoni, Pieter H. Hartel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic

Abstract

SCADA (Supervisory Control and Data Acquisition) systems are computer systems used for monitoring and controlling industrial processes such as power plants and power grid systems, water, gas and oil distribution systems, production systems for food, cars and other products. We propose a new approach for regulating and detecting malicious behaviour of network devices in SCADA systems. Our approach consists of building proles that describe normal communication between pairs of devices in the network. Each prole describes four aspects of network communication: device ngerprint, connectivity pattern, pseudo-protocol pattern and packet content. We validate our approach using network trac from two real-life SCADA installations.

Original language	Undefined
Title of host publication	14th International Symposium on Recent Advances in Intrusion Detection, RAID 2011
Place of Publication	Berlin
Publisher	Springer
Pages	-
Number of pages	2
Publication status	Published - 1 Sept 2011
Event	14th International Symposium on Recent Advances in Intrusion Detection - Menlo Park, United States Duration: 20 Sept 2011 → 21 Sept 2011

Publication series

Name	Lecture Notes in Computer Science

Conference

Conference	14th International Symposium on Recent Advances in Intrusion Detection
Abbreviated title	RAID 2011
Country/Territory	United States
City	Menlo Park
Period	20/09/11 → 21/09/11

Keywords

METIS-279183

Cite this

@inproceedings{c5d64982144b4817a5116738e7f69662,

title = "Smart Device Profiling for Smart SCADA",

abstract = "SCADA (Supervisory Control and Data Acquisition) systems are computer systems used for monitoring and controlling industrial processes such as power plants and power grid systems, water, gas and oil distribution systems, production systems for food, cars and other products. We propose a new approach for regulating and detecting malicious behaviour of network devices in SCADA systems. Our approach consists of building proles that describe normal communication between pairs of devices in the network. Each prole describes four aspects of network communication: device ngerprint, connectivity pattern, pseudo-protocol pattern and packet content. We validate our approach using network trac from two real-life SCADA installations.",

keywords = "METIS-279183",

author = "D. Hadziosmanovic and D. Bolzoni and Hartel, {Pieter H.}",

year = "2011",

month = sep,

day = "1",

language = "Undefined",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "--",

booktitle = "14th International Symposium on Recent Advances in Intrusion Detection, RAID 2011",

address = "Germany",

note = "14th International Symposium on Recent Advances in Intrusion Detection ; Conference date: 20-09-2011 Through 21-09-2011",

}

TY - GEN

T1 - Smart Device Profiling for Smart SCADA

AU - Hadziosmanovic, D.

AU - Bolzoni, D.

AU - Hartel, Pieter H.

PY - 2011/9/1

Y1 - 2011/9/1

N2 - SCADA (Supervisory Control and Data Acquisition) systems are computer systems used for monitoring and controlling industrial processes such as power plants and power grid systems, water, gas and oil distribution systems, production systems for food, cars and other products. We propose a new approach for regulating and detecting malicious behaviour of network devices in SCADA systems. Our approach consists of building proles that describe normal communication between pairs of devices in the network. Each prole describes four aspects of network communication: device ngerprint, connectivity pattern, pseudo-protocol pattern and packet content. We validate our approach using network trac from two real-life SCADA installations.

AB - SCADA (Supervisory Control and Data Acquisition) systems are computer systems used for monitoring and controlling industrial processes such as power plants and power grid systems, water, gas and oil distribution systems, production systems for food, cars and other products. We propose a new approach for regulating and detecting malicious behaviour of network devices in SCADA systems. Our approach consists of building proles that describe normal communication between pairs of devices in the network. Each prole describes four aspects of network communication: device ngerprint, connectivity pattern, pseudo-protocol pattern and packet content. We validate our approach using network trac from two real-life SCADA installations.

KW - METIS-279183

M3 - Conference contribution

T3 - Lecture Notes in Computer Science

SP - -

BT - 14th International Symposium on Recent Advances in Intrusion Detection, RAID 2011

PB - Springer

CY - Berlin

T2 - 14th International Symposium on Recent Advances in Intrusion Detection

Y2 - 20 September 2011 through 21 September 2011

ER -