Using Application Layer Metrics to Detect Advanced SCADA Attacks

Peter Maynard, Kieran McLaughlin, Sakir Sezer

Abstract

Current state-of-the-art intrusion detection and network monitoring systems tend to focus on the ‘Five-Tuple’ features (protocol, IP src/dst and port src/dst). As a result, there is a gap in security visibility at the application level. We propose a collection of network application layer metrics to provide greater insight into SCADA communications. These metrics are devised from an analysis of the industrial control system (ICS) threat landscape and the current state-of-the-art detection systems. Our metrics are able to detect a range of adversary capabilities which goes beyond previous literature in the SCADA domain.


Paper Citation


in Harvard Style

Maynard P., McLaughlin K. and Sezer S. (2018). Using Application Layer Metrics to Detect Advanced SCADA Attacks. In Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-282-0, pages 418-425. DOI: 10.5220/0006656204180425


in Bibtex Style

@conference{icissp18,
author={Peter Maynard and Kieran McLaughlin and Sakir Sezer},
title={Using Application Layer Metrics to Detect Advanced SCADA Attacks},
booktitle={Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2018},
pages={418-425},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006656204180425},
isbn={978-989-758-282-0},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Using Application Layer Metrics to Detect Advanced SCADA Attacks
SN - 978-989-758-282-0
AU - Maynard P.
AU - McLaughlin K.
AU - Sezer S.
PY - 2018
SP - 418
EP - 425
DO - 10.5220/0006656204180425