Difficulties in Modeling SCADA Traffic: A Comparative Analysis

Modern critical infrastructures, such as water distribution and power generation, are large facilities distributed over wide geographical areas. Supervisory Control and Data Acquisition (SCADA) networks are deployed to guarantee the correct operation and safety of these infrastructures. In this paper, we describe key characteristics of SCADA traffic and verify whether models developed for traffic in traditional IT networks are applicable. Our results show that SCADA traffic differs largely from traditional IT traffic, most noticeably in that it does not present diurnal patterns or self-similar correlations in the time series.
