SCADA (Supervisory Control and Data Acquisition) systems are computer systems used for monitoring and controlling industrial processes such as power plants and power grid systems, water, gas and oil distribution systems, production systems for food, cars and other products. We propose a new approach for regulating and detecting malicious behaviour of network devices in SCADA systems. Our approach consists of building proles that describe normal communication between pairs of devices in the network. Each prole describes four aspects of network communication: device ngerprint, connectivity pattern, pseudo-protocol pattern and packet content. We validate our approach using network trac from two real-life SCADA installations.
|Number of pages||2|
|Publication status||Published - Sep 2011|
|Event||14th International Symposium on Recent Advances in Intrusion Detection - Menlo Park, United States|
Duration: 20 Sep 2011 → 21 Sep 2011
|Conference||14th International Symposium on Recent Advances in Intrusion Detection|
|Abbreviated title||RAID 2011|
|Period||20/09/11 → 21/09/11|