Traffic-Locality-Based Creation of Flow Whitelists for SCADA Networks

Abstract: The security of supervisory control and data acquisition (SCADA) networks has attracted considerable attention since the discovery of Stuxnet in 2010. Meanwhile, SCADA networks have become increasingly interconnected both locally and remotely. It is, therefore, necessary to develop effective network intrusion detection capabilities. Whitelist-based intrusion detection has become an attractive approach for SCADA networks. However, when analyzing network traffic in SCADA systems, general properties such as TCP handshaking and common ports are insufficient to create flow whitelists. To address the problem, this chapter proposes a methodology for locality-based creation of flow whitelists and conducts experiments to evaluate its effectiveness in seven SCADA systems. The experimental results demonstrate that the methodology generates effective whitelists for deployment in SCADA networks.
Document type: Conference paper
Mason Rice; Sujeet Shenoi. 9th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2015, Arlington, VA, United States. IFIP Advances in Information and Communication Technology, AICT-466, pp.87-102, 2015, Critical Infrastructure Protection IX. 〈10.1007/978-3-319-26567-4_6〉

Cited literature [8 references]

https://hal.inria.fr/hal-01431015
Contributor: Hal Ifip
Submitted on: Tuesday, January 10, 2017 - 14:56:24
Last modified on: Wednesday, January 11, 2017 - 14:30:32
Document(s) archived on: Tuesday, April 11, 2017 - 15:18:19

File

978-3-319-26567-4_6_Chapter.pd...
Files produced by the author(s)

License


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Seungoh Choi, Yeop Chang, Jeong-Han Yun, Woonyon Kim. Traffic-Locality-Based Creation of Flow Whitelists for SCADA Networks. Mason Rice; Sujeet Shenoi. 9th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2015, Arlington, VA, United States. IFIP Advances in Information and Communication Technology, AICT-466, pp.87-102, 2015, Critical Infrastructure Protection IX. 〈10.1007/978-3-319-26567-4_6〉. 〈hal-01431015〉

Metrics

Record views: 45

File downloads: 15