Using Application Layer Metrics to Detect Advanced SCADA Attacks

      Research output: Research - peer-review, Paper

      Forthcoming

      Current state-of-the-art intrusion detection and network monitoring systems tend to focus on the 'Five-Tuple' features (Protocol, IP src/dst and Port src/dst). As a result, there is a gap in security visibility at the application level. We propose a collection of network application layer metrics to provide greater insight into SCADA communications. These metrics are devised from an analysis of the ICS threat landscape and the current state-of-the-art detection systems. Our metrics are able to detect a range of adversary capabilities which goes beyond previous literature in the SCADA domain.

      Original language: English
      State: Accepted - Jan 2018
      Event: 4th International Conference on Information Systems Security and Privacy - Portugal, Portugal
      Duration: 22 Jan 2018 to 24 Jan 2018
      http://www.icissp.org/

      Conference

      Conference: 4th International Conference on Information Systems Security and Privacy
      Country: Portugal
      Period: 22/01/2018 to 24/01/2018

      ID: 137637897