Skip to main content
SpringerLink
Log in

A Review of SCADA Anomaly Detection Systems

  • Conference paper
Soft Computing Models in Industrial and Environmental Applications, 6th International Conference SOCO 2011

Part of the book series: Advances in Intelligent and Soft Computing ((AINSC,volume 87))

Abstract

The security of critical infrastructures is decreasing due to the apparition of new cyber threats against Supervisory Control and Data Acquisition (SCADA) systems. The evolution they have experienced; the use of standard hardware and software components or the increase of interconnected devices in order to reduce costs and improve efficiency, have contributed to this. This work reviews the research effort done towards the development of anomaly detection for these specific systems. SCADA systems have a number of peculiarities that make anomaly detection perform better than in traditional information and communications technology (ICT) networks. SCADA communications are deterministic, and their operation model is often cyclical. Based on this premise, modeling normal behavior by mining specific features gets feasible.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 259.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 329.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. McMillan, R.: Siemens: Stuxnet worm hit industrial systems (2010), http://www.computerworld.com/s/article/print/9185419/Siemens_Stuxnet_worm_hit_industrial_systems?taxonomyName=Network+Security&taxonomyId=142 (accessed September 14, 2010)

  2. Richmond, R.:Malware hits computerized industrial equipment (2010), http://bits.blogs.nytimes.com/2010/09/24/malware-hits-omputerized-industrial-equipment/?ref=middleeast (accessed September 24, 2010)

  3. Christiansson, H., Luiijf, E.: Creating a European SCADA Security Testbed. Critical Infrastructure Protection, 237-247 (2007)

    Google ScholarĀ 

  4. Byres, E., Creery, A.: Industrial cybersecurity for power system and SCADA networks. In: Petroleum and Chemical Industry Conference, 303-309 (2005)

    Google ScholarĀ 

  5. Barbosa, R., Pras, A.: Intrusion Detection in SCADA Networks. Mechanisms for Autonomous Management of Networks and Services. 163-166 (2010)

    Google ScholarĀ 

  6. Dā€™Antonio, S., Oliviero, F., Setola, R.: High-speed intrusion detection in support of critical infrastructure protection. Critical Information Infrastructures Security, 222ā€“234 (2006)

    Google ScholarĀ 

  7. Barbara, D., Wu, N., Jajodia, S.: Detecting novel network intrusions using bayes estimators. In: First SIAM Conference on Data Mining (2001)

    Google ScholarĀ 

  8. Lane, T., Brodley, C.: An application of machine learning to anomaly detection. In: Proceedings of the 20th National Information Systems Security Conference, pp. 366ā€“377 (1997)

    Google ScholarĀ 

  9. Valdes, A., Cheung, S., Lindqvist, U., et al.: Securing Current and Future Process Control Systems. In: International Federation for Information Processing Digital Library, pp. 99ā€“115 (2007)

    Google ScholarĀ 

  10. Valdes, A., Cheung, S., Dutertre, B., et al.: Using model-based intrusion detection for SCADA networks. In: Proceedings of the SCADA Security Scientific Symposium (2006)

    Google ScholarĀ 

  11. Salvi, D., Mazzariello, C., Oliviero, F., Dā€™Antonio, S.: A Distributed multi-purpose IP flow monitor. In: 3Ā° International Workshop on Internet Performance, Simulation, Monitoring and Measurement IPS-MoMe 9 (2005)

    Google ScholarĀ 

  12. Rrushi, J., Campbell, R.: Detecting Cyber Attacks On Nuclear Power Plants. Critical Infrastructure Protection, 41ā€“54 (2009)

    Google ScholarĀ 

  13. DĆ¼ssel, P., Gehl, C., Laskov, P., et al.: Cyber-Critical Infrastructure Protection Using Real-time Payload-based Anomaly Detection. Critical Information Infrastructures Security, 85ā€“97 (2010)

    Google ScholarĀ 

  14. Lawrence Berkeley National Laboratory Bro intrusion detection system (2010), http://www.bro-ids.org (accessed September 17, 2010)

  15. Papa, M., Gonzalez, J.: Passive Scanning in Modbus Networks. International Federation for Information Processing Digital Library, 175ā€“187 (2007)

    Google ScholarĀ 

  16. Cucurull, J., Asplund, M., Nadjm-Tehrani, S.: Anomaly detection and mitigation for disaster area networks. Recent Advances in Intrusion Detection, 339ā€“359 (2010)

    Google ScholarĀ 

  17. Porras, P.A., Neumann, P.G.: EMERALD: Event monitoring enabling responses to anomalous live disturbances. In: Proceedings of the 20th National Information Systems Security Conference, pp. 353ā€“365 (1997)

    Google ScholarĀ 

  18. Bigham, J., Gamez, D., Lu, N.: Safeguarding SCADA systems with anomaly detection. Computer Network Security, 171ā€“182 (2003)

    Google ScholarĀ 

  19. Yang, D., Usynin, A., Hines, J.W.: Anomaly-based intrusion detection for SCADA systems. In: 5th Intl. Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies, pp. 12ā€“16 (2005)

    Google ScholarĀ 

  20. Valdes, A., Cheung, S.: Communication pattern anomaly detection in process control systems. In: IEEE Conference on Technologies for Homeland Security, pp. 22ā€“29 (2009)

    Google ScholarĀ 

Download references

Author information

Authors and Affiliations

  1. Electronics and Computing Department, Mondragon University, Goiru Kalea, 2, 20500, Arrasate-Mondragon, Spain

    IƱaki Garitano,Ā Roberto UribeetxeberriaĀ &Ā Urko Zurutuza

Authors
  1. IƱaki Garitano
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

  2. Roberto Uribeetxeberria
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

  3. Urko Zurutuza
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

Editor information

Editors and Affiliations

  1. Universidad de Salamanca, Plaza de la Merced S/N, 37008, Salamanca, Spain

    Emilio Corchado

  2. VÅ B-TU Ostrava, 17. listopadu 15, 70833, Ostrava, Czech Republic

    VĆ”clav SnĆ”Å”el

  3. University of Burgos, Avenida Cantaria S/N, 09006, Burgos, Spain

    Javier Sedano

  4. Cairo University, 5 Ahmed Zewal St., Orman, Cairo, Egypt

    Aboul Ella Hassanien

  5. University of La CoruƱa, Avda. 19 de Febrero, S/N, A CoruƱa,, 15403, Ferrol, Spain

    JosƩ Luis Calvo

  6. Infobright, 47 Colborne Street, Suite 403, M5E1P8, Toronto, Ontario, Canada

    Dominik ŚlČ©zak

Rights and permissions

Reprints and permissions

Copyright information

Ā© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Garitano, I., Uribeetxeberria, R., Zurutuza, U. (2011). A Review of SCADA Anomaly Detection Systems. In: Corchado, E., SnĆ”Å”el, V., Sedano, J., Hassanien, A.E., Calvo, J.L., ŚlČ©zak, D. (eds) Soft Computing Models in Industrial and Environmental Applications, 6th International Conference SOCO 2011. Advances in Intelligent and Soft Computing, vol 87. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19644-7_38

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-19644-7_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-19643-0

  • Online ISBN: 978-3-642-19644-7

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation