SCADA (Supervisory Control and Data Acquisition) systems are computer systems used for monitoring and controlling industrial processes such as power plants and power grid systems, water, gas and oil distribution systems, production systems for food, cars and other products. We propose a new approach for regulating and detecting malicious behaviour of network devices in SCADA systems. Our approach consists of building proles that describe normal communication between pairs of devices in the network. Each prole describes four aspects of network communication: device ngerprint, connectivity pattern, pseudo-protocol pattern and packet content. We validate our approach using network trac from two real-life SCADA installations.
|Name||Lecture Notes in Computer Science|
|Conference||14th International Symposium on Recent Advances in Intrusion Detection|
|Abbreviated title||RAID 2011|
|Period||20/09/11 → 21/09/11|