Using Application Layer Metrics to Detect Advanced SCADA Attacks

Research output: Contribution to conference (Paper)

3 Citations (Scopus)

Abstract

Current state-of-the-art intrusion detection and network monitoring systems tend to focus on the 'Five-Tuple' features (Protocol, IP src/dst and Port src/dst). As a result, there is a gap in visibility of security at the application level. We propose a collection of network application layer metrics to provide greater insight into SCADA communications. These metrics are devised from an analysis of the ICS threat landscape and the current state-of-the-art detection systems. Our metrics are able to detect a range of adversary capabilities that goes beyond previous literature in the SCADA domain.
Original language: English
Publication status: Published - Jan 2018
Event: 4th International Conference on Information Systems Security and Privacy - Portugal, Portugal
Duration: 22 Jan 2018 to 24 Jan 2018
http://www.icissp.org/

Conference

Conference: 4th International Conference on Information Systems Security and Privacy
Country: Portugal
Period: 22/01/2018 to 24/01/2018

Cite this

Maynard, P., McLaughlin, K., & Sezer, S. (2018). Using Application Layer Metrics to Detect Advanced SCADA Attacks. Paper presented at 4th International Conference on Information Systems Security and Privacy, Portugal. https://doi.org/10.5220/0006656204180425