SRI Logo
About Us|R and D Divisions|Careers|Newsroom|Contact Us|SRI Home
  SRI Logo

Using Model-based Intrusion Detection for SCADA Networks
 by Dr. Steven Cheung, Dr. Bruno Dutertre, Martin Fong, Dr. Ulf Lindqvist, Keith Skinner & Alfonso Valdes.

From Proceedings of the SCADA Security Scientific Symposium.
Miami Beach, Florida,
January 2007.

In a model-based intrusion detection approach for protecting SCADA networks, we construct models that characterize the expected/acceptable behavior of the system, and detect attacks that cause violations of these models. Process control networks tend to have static topologies, regular traffic patterns, and a limited number of applications and protocols running on them. Thus, we believe that model-based monitoring, which has the potential for detecting unknown attacks, is more feasible for control networks than for general enterprise networks. To this end, we describe three model-based techniques that we have developed and a prototype implementation of them for monitoring Modbus TCP networks.
BibTEX Entry
  author =       "Steven Cheung and Bruno Dutertre and Martin Fong and
                  Ulf Lindqvist and Keith Skinner and Alfonso Valdes",
  title =        "Using Model-based Intrusion Detection for SCADA Networks",
  booktitle =    "Proceedings of the SCADA Security Scientific Symposium",
  address =      "Miami Beach, Florida",
  year =         2007,
  month =        jan



About Us  |  R&D Divisions  |  Careers  |  Newsroom  |  Contact Us
© 2024 SRI International 333 Ravenswood Avenue, Menlo Park, CA 94025-3493
SRI International is an independent, nonprofit corporation. Privacy policy