论文信息 - Behavior Based Anomaly Detection Model in SCADA System

Behavior Based Anomaly Detection Model in SCADA System

With the arrival of Industry 4.0, more and more industrial control systems are connected with the outside world, which brings tremendous convenience to industrial production and control, and also introduces many potential security hazards. After a large number of attack cases analysis, we found that attacks in SCADA systems can be divided into internal attacks and external attacks. Both types of attacks are inevitable. Traditional firewalls, IDSs and IPSs are no longer suitable for industrial control systems. Therefore, we propose behavior-based anomaly detection and build three baselines of normal behaviors. Experiments show that using our proposed detection model, we can quickly detect a variety of attacks on SCADA (Supervisory Control And Data Acquisition) systems.

[1] Karen A. Scarfone,et al. Guide to Industrial Control Systems (ICS) Security , 2015 .

[2] Eric D. Knapp,et al. Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems , 2011 .

[3] Stefan Savage,et al. Inside the Slammer Worm , 2003, IEEE Secur. Priv..

[4] Levente Buttyán,et al. Duqu: A Stuxnet-like malware found in the wild , 2011 .

[5] Ralph Langner,et al. Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[6] Mark Fabro,et al. Control Systems Cyber Security: Defense-in-Depth Strategies , 2006 .