Using Model-based Intrusion Detection for SCADA Networks


	Computer Science Laboratory

	Contact

	People at CSL

	Projects at CSL

	Research Programs

	Division Home

Using Model-based Intrusion Detection for SCADA Networks
by Dr. Steven Cheung, Dr. Bruno Dutertre, Martin Fong, Dr. Ulf Lindqvist, Keith Skinner & Alfonso Valdes.

From Proceedings of the SCADA Security Scientific Symposium.
Miami Beach, Florida,
January 2007.

Abstract

In a model-based intrusion detection approach for protecting SCADA networks, we construct models that characterize the expected/acceptable behavior of the system, and detect attacks that cause violations of these models. Process control networks tend to have static topologies, regular traffic patterns, and a limited number of applications and protocols running on them. Thus, we believe that model-based monitoring, which has the potential for detecting unknown attacks, is more feasible for control networks than for general enterprise networks. To this end, we describe three model-based techniques that we have developed and a prototype implementation of them for monitoring Modbus TCP networks.

BibT_EX Entry @InProceedings{Cheung:2007:SCADAIDS, author = "Steven Cheung and Bruno Dutertre and Martin Fong and Ulf Lindqvist and Keith Skinner and Alfonso Valdes", title = "Using Model-based Intrusion Detection for SCADA Networks", booktitle = "Proceedings of the SCADA Security Scientific Symposium", address = "Miami Beach, Florida", year = 2007, month = jan } Files

SCADA-IDS-S4-2007.pdf

About Us R&D Divisions Careers Newsroom Contact Us
© 2024 SRI International 333 Ravenswood Avenue, Menlo Park, CA 94025-3493
SRI International is an independent, nonprofit corporation. Privacy policy