Defeating Network Node Subversion on SCADA Systems Using Probabilistic Packet Observation. / Mcevoy, Richard; Wolthusen, Stephen D.

Proceedings of the 6th International Workshop on Critical Information Infrastructures Security 2011 (CRITIS 2011). Springer-Verlag, 2012.

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Forthcoming

Abstract

Supervisory control and data acquisition (SCADA) systems form
a vital part of the critical infrastructure. Such systems have been subject
to sophisticated and persistent attacks which are executed by processes
under adversary supervision. Such attacks may be detected using inconsistencies
in sensor readings or estimated behavior of the plant. However,
to locate and eliminate malicious “agents” in networks, novel protocols
are required to observe messaging behavior. In this paper, we propose
a novel network protocol for SCADA systems which, for low computational
cost, permits discovery and elimination of subverted nodes utilizing
techniques related to probabilistic packet marking. We discuss its advantages
over earlier work in this area, calculate message complexity requirements
for detection and outline its resilience to various attack strategies.

Original language: English
Title of host publication: Proceedings of the 6th International Workshop on Critical Information Infrastructures Security 2011 (CRITIS 2011)
Publisher: Springer-Verlag
Publication status: Accepted/In press - 2012
This open access research output is licenced under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

ID: 5087763