Defeating Network Node Subversion on SCADA Systems Using Probabilistic Packet Observation

Mcevoy, Richard and Wolthusen, Stephen D.

(2012)

Mcevoy, Richard and Wolthusen, Stephen D. (2012) Defeating Network Node Subversion on SCADA Systems Using Probabilistic Packet Observation
In: Proceedings of the 6th International Workshop on Critical Information Infrastructures Security 2011 (CRITIS 2011). Springer-Verlag.

Our Full Text Deposits

Full text access: Open

Abstract

Supervisory control and data acquisition (SCADA) systems form a vital part of the critical infrastructure. Such systems have been subject to sophisticated and persistent attacks which are executed by processes under adversary supervision. Such attacks may be detected using inconsistencies in sensor readings or estimated behavior of the plant. However, to locate and eliminate malicious “agents” in networks, novel protocols are required to observe messaging behavior. In this paper, we propose a novel network protocol for SCADA systems which, for low computational cost, permits discovery and elimination of subverted nodes utilizing techniques related to probabilistic packet marking. We discuss its advantages over earlier work in this area, calculate message complexity requirements for detection and outline its resilience to various attack strategies.

Information about this Version

This is an Accepted version
This version's date is: 2012
This item is not peer reviewed

Link to this Version

https://repository.royalholloway.ac.uk/items/de5e1286-6fb0-5cf9-8f04-81886de61291/10/

Item Type: Book Item
Title: Defeating Network Node Subversion on SCADA Systems Using Probabilistic Packet Observation
Authors: Mcevoy, Richard; Wolthusen, Stephen D.
Departments: Faculty of Science\Mathematics

Deposited by Research Information System (atira) on 18-Nov-2014 in Royal Holloway Research Online. Last modified on 18-Nov-2014.
