Using Model-based Intrusion Detection for SCADA Networks
by Dr. Steven Cheung, Dr. Bruno Dutertre, Martin Fong, Dr. Ulf Lindqvist, Keith Skinner & Alfonso Valdes.
From Proceedings of the SCADA Security Scientific Symposium,
Miami Beach, Florida, January 2007.
In a model-based intrusion detection
approach for protecting SCADA networks,
we construct models that
characterize the expected/acceptable behavior of
the system, and detect attacks that cause
violations of these models.
Process control networks tend to have static topologies,
regular traffic patterns, and a limited number of
applications and protocols running on them.
Thus, we believe that model-based monitoring, which
has the potential for detecting unknown attacks,
is more feasible for control networks than for
general enterprise networks.
To this end, we describe three model-based techniques
that we have developed and a prototype
implementation of them for monitoring
Modbus TCP networks.
author = "Steven Cheung and Bruno Dutertre and Martin Fong and
Ulf Lindqvist and Keith Skinner and Alfonso Valdes",
title = "Using Model-based Intrusion Detection for SCADA Networks",
booktitle = "Proceedings of the SCADA Security Scientific Symposium",
address = "Miami Beach, Florida",
year = 2007,
month = jan