Using Application Layer Metrics to Detect Advanced SCADA Attacks
Peter Maynard, Kieran McLaughlin, Sakir Sezer
2018
Abstract
Current state-of-the-art intrusion detection and network monitoring systems tend to focus on the ‘Five-Tuple’ features (protocol, IP src/dst and port src/dst). As a result, there is a gap in visibility of security at the application level. We propose a collection of network application layer metrics to provide greater insight into SCADA communications. These metrics are devised from an analysis of the industrial control system (ICS) threat landscape and the current state-of-the-art detection systems. Our metrics are able to detect a range of adversary capabilities which goes beyond previous literature in the SCADA domain.
Paper Citation
in Harvard Style
Maynard P., McLaughlin K. and Sezer S. (2018). Using Application Layer Metrics to Detect Advanced SCADA Attacks. In Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-282-0, pages 418-425. DOI: 10.5220/0006656204180425
in Bibtex Style
@conference{icissp18,
author={Peter Maynard and Kieran McLaughlin and Sakir Sezer},
title={Using Application Layer Metrics to Detect Advanced SCADA Attacks},
booktitle={Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2018},
pages={418-425},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006656204180425},
isbn={978-989-758-282-0},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Using Application Layer Metrics to Detect Advanced SCADA Attacks
SN - 978-989-758-282-0
AU - Maynard P.
AU - McLaughlin K.
AU - Sezer S.
PY - 2018
SP - 418
EP - 425
DO - 10.5220/0006656204180425