Abstract
This paper will show how the accuracy and security of SCADA systems can be improved by using anomaly detection to identify bad values caused by attacks and faults. The performance of invariant induction and n-gram anomaly-detectors will be compared and this paper will also outline plans for taking this work further by integrating the output from several anomaly-detecting techniques using Bayesian networks. Although the methods outlined in this paper are illustrated using the data from an electricity network, this research springs from a more general attempt to improve the security and dependability of SCADA systems using anomaly detection.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bigham, J., Gamez, D., Lu, N. (2003). Safeguarding SCADA Systems with Anomaly Detection. In: Gorodetsky, V., Popyack, L., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2003. Lecture Notes in Computer Science, vol 2776. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45215-7_14
DOI: https://doi.org/10.1007/978-3-540-45215-7_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40797-3
Online ISBN: 978-3-540-45215-7
eBook Packages: Springer Book Archive