Towards periodicity based anomaly detection in SCADA networks

Supervisory Control and Data Acquisition (SCADA) networks are commonly deployed to aid the operation of large industrial facilities. The polling mechanism used to retrieve data from field devices causes the data transmission to be highly periodic. In this paper, we propose an approach that exploits traffic periodicity to detect traffic anomalies, which represent potential intrusion attempts. We present a proof of concept to show the feasibility of our approach.
