Using Application Layer Metrics to Detect Advanced SCADA Attacks
Research output: Research - peer-review › Paper
Current state-of-the-art intrusion detection and network monitoring systems have a tendency to focus on the 'Five-Tuple' features (Protocol, IP src/dst and Port src/dst). As a result, there is a gap in visibility of security at the application level. We propose a collection of network application layer metrics to provide greater insight into SCADA communications. These metrics are devised from an analysis of the ICS threat landscape and the current state-of-the-art detection systems. Our metrics are able to detect a range of adversary capabilities which goes beyond previous literature in the SCADA domain.
|State||Accepted - Jan 2018|
|Event||4th International Conference on Information Systems Security and Privacy - Portugal, Portugal|
|Duration||22 Jan 2018 → 24 Jan 2018|
|Conference||4th International Conference on Information Systems Security and Privacy|
|Period||22/01/2018 → 24/01/2018|