Abstract
Supervisory control and data acquisition (SCADA) systems form
a vital part of the critical infrastructure. Such systems have been subject
to sophisticated and persistent attacks which are executed by processes
under adversary supervision. Such attacks may be detected using inconsistencies
in sensor readings or estimated behavior of the plant. However,
to locate and eliminate malicious “agents” in networks, novel protocols
are required to observe messaging behavior. In this paper, we propose
a novel network protocol for SCADA systems which, for low computational
cost, permits discovery and elimination of subverted nodes utilizing
techniques related to probabilistic packet marking. We discuss its advantages
over earlier work in this area, calculate message complexity requirements
for detection and outline its resilience to various attack strategies.
Original language | English |
---|---|
Title of host publication | Proceedings of the 6th International Workshop on Critical Information Infrastructures Security 2011 (CRITIS 2011) |
Publisher | Springer-Verlag |
Publication status | Accepted/In press - 2012 |