Modeling and Detecting Anomalies in SCADA Systems

Nils Svendsen, Stephen D. Wolthusen

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution


The detection of attacks and intrusions based on anomalies is hampered by the limits of specificity underlying the detection techniques. However, in the case of many critical infrastructure systems, domain-specific knowledge and models can impose constraints that potentially reduce error rates. At the same time, attackers can use their knowledge of system behavior to mask their manipulations, causing adverse effects to be observed only after a significant period of time. This paper describes elementary statistical techniques that can be applied to detect anomalies in critical infrastructure networks. A SCADA system employed in liquefied natural gas (LNG) production is used as a case study.
Original language: English
Title of host publication: Critical Infrastructure Protection II
Subtitle of host publication: Proc. Second Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection
ISBN (Print): 978-0-387-88523-0
Publication status: Published - Mar 2008
