Using Application Layer Metrics to Detect Advanced SCADA Attacks

Peter Maynard; Kieran McLaughlin; Sakir Sezer

doi:10.5220/0006656204180425

Using Application Layer Metrics to Detect Advanced SCADA Attacks

Peter Maynard, Kieran McLaughlin, Sakir Sezer

School of Electronics, Electrical Engineering and Computer Science

Research output: Contribution to conference › Paper

3 Citations (Scopus)

Abstract

Current state of the art intrusion detection and network monitoring systems have a tendency to focus on the ’Five-Tuple’ features (Protocol, IP src/dst and Port src/dest). As a result there is a gap in visibility of security at an application level. We propose a collection of network application layer metrics to provide a greater insight into SCADA communications. These metrics are devised from an analysis of the ICS threat landscape and the current state of the art detection systems. Our metrics are able to detect a range of adversary capabilities which goes beyond previous literature in the SCADA domain.

Original language	English
DOIs	https://doi.org/10.5220/0006656204180425
Publication status	Published - Jan 2018
Event	4th International Conference on Information Systems Security and Privacy - Portugal, Portugal Duration: 22 Jan 2018 → 24 Jan 2018 http://www.icissp.org/

Conference

Conference	4th International Conference on Information Systems Security and Privacy
Country	Portugal
Period	22/01/2018 → 24/01/2018
Internet address	http://www.icissp.org/

Access to Document

10.5220/0006656204180425

http://www.scitepress.org/Papers/2018/66562/66562.pdf

Fingerprint Dive into the research topics of 'Using Application Layer Metrics to Detect Advanced SCADA Attacks'. Together they form a unique fingerprint.

Projects

1 Finished

R1594ECI: Analysing and Detecting Advanced Multistage Attacks Against ICS

McLaughlin, K.

13/01/2016 → 30/09/2018

Project: Research

Cite this

Maynard, P., McLaughlin, K., & Sezer, S. (2018). Using Application Layer Metrics to Detect Advanced SCADA Attacks. Paper presented at 4th International Conference on Information Systems Security and Privacy, Portugal. https://doi.org/10.5220/0006656204180425

@conference{4f37958a3ed04335bcba2a62d2fd7f0e,

title = "Using Application Layer Metrics to Detect Advanced SCADA Attacks",

abstract = "Current state of the art intrusion detection and network monitoring systems have a tendency to focus on the {\textquoteright}Five-Tuple{\textquoteright} features (Protocol, IP src/dst and Port src/dest). As a result there is a gap in visibility of security at an application level. We propose a collection of network application layer metrics to provide a greater insight into SCADA communications. These metrics are devised from an analysis of the ICS threat landscape and the current state of the art detection systems. Our metrics are able to detect a range of adversary capabilities which goes beyond previous literature in the SCADA domain.",

author = "Peter Maynard and Kieran McLaughlin and Sakir Sezer",

year = "2018",

month = jan,

doi = "10.5220/0006656204180425",

language = "English",

note = "4th International Conference on Information Systems Security and Privacy ; Conference date: 22-01-2018 Through 24-01-2018",

url = "http://www.icissp.org/",

}

TY - CONF

T1 - Using Application Layer Metrics to Detect Advanced SCADA Attacks

AU - Maynard, Peter

AU - McLaughlin, Kieran

AU - Sezer, Sakir

PY - 2018/1

Y1 - 2018/1

N2 - Current state of the art intrusion detection and network monitoring systems have a tendency to focus on the ’Five-Tuple’ features (Protocol, IP src/dst and Port src/dest). As a result there is a gap in visibility of security at an application level. We propose a collection of network application layer metrics to provide a greater insight into SCADA communications. These metrics are devised from an analysis of the ICS threat landscape and the current state of the art detection systems. Our metrics are able to detect a range of adversary capabilities which goes beyond previous literature in the SCADA domain.

AB - Current state of the art intrusion detection and network monitoring systems have a tendency to focus on the ’Five-Tuple’ features (Protocol, IP src/dst and Port src/dest). As a result there is a gap in visibility of security at an application level. We propose a collection of network application layer metrics to provide a greater insight into SCADA communications. These metrics are devised from an analysis of the ICS threat landscape and the current state of the art detection systems. Our metrics are able to detect a range of adversary capabilities which goes beyond previous literature in the SCADA domain.

U2 - 10.5220/0006656204180425

DO - 10.5220/0006656204180425

M3 - Paper

T2 - 4th International Conference on Information Systems Security and Privacy

Y2 - 22 January 2018 through 24 January 2018

ER -