
Using Model-based Intrusion Detection for SCADA Networks
by Dr. Steven Cheung, Dr. Bruno Dutertre, Martin Fong, Dr. Ulf Lindqvist, Keith Skinner & Alfonso Valdes.
From Proceedings of the SCADA Security Scientific Symposium.
Miami Beach, Florida, January 2007.
Abstract
In a model-based intrusion detection approach for protecting SCADA networks, we construct models that characterize the expected/acceptable behavior of the system, and detect attacks that cause violations of these models. Process control networks tend to have static topologies, regular traffic patterns, and a limited number of applications and protocols running on them. Thus, we believe that model-based monitoring, which has the potential for detecting unknown attacks, is more feasible for control networks than for general enterprise networks. To this end, we describe three model-based techniques that we have developed and a prototype implementation of them for monitoring Modbus TCP networks.
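As an added illustration of the idea in the abstract (not code from the paper or its prototype, whose three techniques are not detailed on this page), the sketch below checks Modbus TCP requests against two simple models: the protocol's framing rules and a table of expected flows. The addresses, the `ALLOWED_FLOWS` table, the helper names and the sample frames are all constructed assumptions.

```python
import struct

# Constructed model for a hypothetical plant network: which (master, slave)
# pairs may talk, and which Modbus function codes each pair normally uses.
ALLOWED_FLOWS = {
    ("10.0.0.5", "10.0.0.20"): {3, 4},    # HMI only reads registers
    ("10.0.0.6", "10.0.0.20"): {3, 16},   # engineering station reads and writes
}

def build_request(tid, func, data, proto=0, length=None):
    """Build a Modbus TCP request ADU (MBAP header + PDU) for the samples."""
    pdu = bytes([func]) + data
    if length is None:
        length = len(pdu) + 1             # length field counts unit id + PDU
    return struct.pack(">HHHB", tid, proto, length, 1) + pdu

def check_request(src, dst, adu):
    """Return the list of model violations for one request (empty = conforms)."""
    if len(adu) < 8:
        return ["truncated ADU"]
    _tid, proto, length, _unit = struct.unpack(">HHHB", adu[:7])
    func = adu[7]
    violations = []
    # Protocol-level model: Modbus TCP framing rules.
    if proto != 0:
        violations.append("protocol id is not 0")
    if length != len(adu) - 6:
        violations.append("length field disagrees with frame size")
    if len(adu) > 260:
        violations.append("ADU longer than 260 bytes")
    if func == 0 or func > 127:
        violations.append("invalid request function code")
    # Communication-pattern model: static topology, regular traffic.
    allowed = ALLOWED_FLOWS.get((src, dst))
    if allowed is None:
        violations.append("flow not in model")
    elif func not in allowed:
        violations.append("function code unusual for this flow")
    return violations

# Constructed sample requests.
READ = build_request(1, 3, struct.pack(">HH", 0, 10))        # conforms to both models
WRITE = build_request(2, 5, struct.pack(">HH", 1, 0xFF00))   # HMI writing a coil
MALFORMED = build_request(3, 3, struct.pack(">HH", 0, 10), proto=1, length=9)

if __name__ == "__main__":
    for name, src, adu in [("read", "10.0.0.5", READ), ("write", "10.0.0.5", WRITE),
                           ("malformed", "10.0.0.5", MALFORMED), ("new host", "10.0.0.99", READ)]:
        print(name, check_request(src, "10.0.0.20", adu))
```

Because both models describe what is expected rather than what is known to be malicious, the unfamiliar host and the out-of-profile write are flagged without any attack signature.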