Packet loss consideration for burst-based anomaly detection in SCADA network

Abstract

An ICS (Industrial Control System) is a computer-controlled system that monitors and controls distributed field devices for power grids, water treatment and other industrial areas. Because ICS components fulfill their own roles, ICS network traffic has obvious regular patterns. These patterns can be used effectively to monitor the ICS network and detect signs of cyber-attacks. In our previous work, we proposed a burst-based anomaly detection method for the DNP3 protocol that uses the regularity of ICS network traffic. Traffic monitoring methods such as switch mirroring cause many problems: packet duplication, out-of-order packets, and packet loss. These problems cause many false alarms. Furthermore, it is hard to decide whether the alarms caused by lost packets are true or false. In this paper, we apply our burst-based approach to the TCP protocol in a SCADA network and propose a method to manage monitoring problems for burst-based anomaly detection.

Cite

Kim, K. H., Yun, J. H., Chang, Y., & Kim, W. (2015). Packet loss consideration for burst-based anomaly detection in SCADA network. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8909, pp. 358–369). Springer Verlag. https://doi.org/10.1007/978-3-319-15087-1_28
