Defeating Network Node Subversion on SCADA Systems Using Probabilistic Packet Observation

Richard Mcevoy, Stephen D. Wolthusen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution



Supervisory control and data acquisition (SCADA) systems form
a vital part of the critical infrastructure. Such systems have been subject
to sophisticated and persistent attacks which are executed by processes
under adversary supervision. Such attacks may be detected using inconsistencies
in sensor readings or estimated behavior of the plant. However,
to locate and eliminate malicious “agents” in networks, novel protocols
are required to observe messaging behavior. In this paper, we propose
a novel network protocol for SCADA systems which, for low computational
cost, permits discovery and elimination of subverted nodes utilizing
techniques related to probabilistic packet marking. We discuss its advantages
over earlier work in this area, calculate message complexity requirements
for detection and outline its resilience to various attack strategies.

Original language: English
Title of host publication: Proceedings of the 6th International Workshop on Critical Information Infrastructures Security 2011 (CRITIS 2011)
Publication status: Accepted/In press - 2012