Skip to Main content Skip to Navigation
Conference papers

Traffic-Locality-Based Creation of Flow Whitelists for SCADA Networks

Abstract : The security of supervisory control and data acquisition (SCADA) networks has attracted considerable attention since the discovery of Stuxnet in 2010. Meanwhile, SCADA networks have become increasingly interconnected both locally and remotely. It is, therefore, necessary to develop effective network intrusion detection capabilities. Whitelist-based intrusion detection has become an attractive approach for SCADA networks. However, when analyzing network traffic in SCADA systems, general properties such as TCP handshaking and common ports are insufficient to create flow whitelists. To address the problem, this chapter proposes a methodology for locality-based creation of flow whitelists and conducts experiments to evaluate its effectiveness in seven SCADA systems. The experimental results demonstrate that the methodology generates effective whitelists for deployment in SCADA networks.
Document type :
Conference papers
Complete list of metadata

Cited literature [8 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Tuesday, January 10, 2017 - 2:56:24 PM
Last modification on : Wednesday, January 11, 2017 - 2:30:32 PM
Long-term archiving on: : Tuesday, April 11, 2017 - 3:18:19 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Seungoh Choi, Yeop Chang, Jeong-Han Yun, Woonyon Kim. Traffic-Locality-Based Creation of Flow Whitelists for SCADA Networks. 9th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2015, Arlington, VA, United States. pp.87-102, ⟨10.1007/978-3-319-26567-4_6⟩. ⟨hal-01431015⟩



Record views


Files downloads