Abstract
The detection of attacks and intrusions based on anomalies is hampered by the limits of specificity underlying the detection techniques. However, in the case of many critical infrastructure systems, domain-specific knowledge and models can impose constraints that potentially reduce error rates. At the same time, attackers can use their knowledge of system behavior to mask their manipulations, causing adverse effects to be observed only after a significant period of time. This paper describes elementary statistical techniques that can be applied to detect anomalies in critical infrastructure networks. A SCADA system employed in liquefied natural gas (LNG) production is used as a case study.
Original language | English |
---|---|
Title of host publication | Critical Infrastructure Protection II |
Subtitle of host publication | Proc. Second Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection |
Publisher | Springer-Verlag |
Pages | 101-113 |
ISBN (Print) | 978-0-387-88523-0 |
DOIs | |
Publication status | Published - Mar 2008 |