Abstract
The security of critical infrastructures is decreasing due to the apparition of new cyber threats against Supervisory Control and Data Acquisition (SCADA) systems. The evolution they have experienced; the use of standard hardware and software components or the increase of interconnected devices in order to reduce costs and improve efficiency, have contributed to this. This work reviews the research effort done towards the development of anomaly detection for these specific systems. SCADA systems have a number of peculiarities that make anomaly detection perform better than in traditional information and communications technology (ICT) networks. SCADA communications are deterministic, and their operation model is often cyclical. Based on this premise, modeling normal behavior by mining specific features gets feasible.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
McMillan, R.: Siemens: Stuxnet worm hit industrial systems (2010), http://www.computerworld.com/s/article/print/9185419/Siemens_Stuxnet_worm_hit_industrial_systems?taxonomyName=Network+Security&taxonomyId=142 (accessed September 14, 2010)
Richmond, R.:Malware hits computerized industrial equipment (2010), http://bits.blogs.nytimes.com/2010/09/24/malware-hits-omputerized-industrial-equipment/?ref=middleeast (accessed September 24, 2010)
Christiansson, H., Luiijf, E.: Creating a European SCADA Security Testbed. Critical Infrastructure Protection, 237-247 (2007)
Byres, E., Creery, A.: Industrial cybersecurity for power system and SCADA networks. In: Petroleum and Chemical Industry Conference, 303-309 (2005)
Barbosa, R., Pras, A.: Intrusion Detection in SCADA Networks. Mechanisms for Autonomous Management of Networks and Services. 163-166 (2010)
DāAntonio, S., Oliviero, F., Setola, R.: High-speed intrusion detection in support of critical infrastructure protection. Critical Information Infrastructures Security, 222ā234 (2006)
Barbara, D., Wu, N., Jajodia, S.: Detecting novel network intrusions using bayes estimators. In: First SIAM Conference on Data Mining (2001)
Lane, T., Brodley, C.: An application of machine learning to anomaly detection. In: Proceedings of the 20th National Information Systems Security Conference, pp. 366ā377 (1997)
Valdes, A., Cheung, S., Lindqvist, U., et al.: Securing Current and Future Process Control Systems. In: International Federation for Information Processing Digital Library, pp. 99ā115 (2007)
Valdes, A., Cheung, S., Dutertre, B., et al.: Using model-based intrusion detection for SCADA networks. In: Proceedings of the SCADA Security Scientific Symposium (2006)
Salvi, D., Mazzariello, C., Oliviero, F., DāAntonio, S.: A Distributed multi-purpose IP flow monitor. In: 3Ā° International Workshop on Internet Performance, Simulation, Monitoring and Measurement IPS-MoMe 9 (2005)
Rrushi, J., Campbell, R.: Detecting Cyber Attacks On Nuclear Power Plants. Critical Infrastructure Protection, 41ā54 (2009)
DĆ¼ssel, P., Gehl, C., Laskov, P., et al.: Cyber-Critical Infrastructure Protection Using Real-time Payload-based Anomaly Detection. Critical Information Infrastructures Security, 85ā97 (2010)
Lawrence Berkeley National Laboratory Bro intrusion detection system (2010), http://www.bro-ids.org (accessed September 17, 2010)
Papa, M., Gonzalez, J.: Passive Scanning in Modbus Networks. International Federation for Information Processing Digital Library, 175ā187 (2007)
Cucurull, J., Asplund, M., Nadjm-Tehrani, S.: Anomaly detection and mitigation for disaster area networks. Recent Advances in Intrusion Detection, 339ā359 (2010)
Porras, P.A., Neumann, P.G.: EMERALD: Event monitoring enabling responses to anomalous live disturbances. In: Proceedings of the 20th National Information Systems Security Conference, pp. 353ā365 (1997)
Bigham, J., Gamez, D., Lu, N.: Safeguarding SCADA systems with anomaly detection. Computer Network Security, 171ā182 (2003)
Yang, D., Usynin, A., Hines, J.W.: Anomaly-based intrusion detection for SCADA systems. In: 5th Intl. Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies, pp. 12ā16 (2005)
Valdes, A., Cheung, S.: Communication pattern anomaly detection in process control systems. In: IEEE Conference on Technologies for Homeland Security, pp. 22ā29 (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
Ā© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Garitano, I., Uribeetxeberria, R., Zurutuza, U. (2011). A Review of SCADA Anomaly Detection Systems. In: Corchado, E., SnĆ”Å”el, V., Sedano, J., Hassanien, A.E., Calvo, J.L., ÅlČ©zak, D. (eds) Soft Computing Models in Industrial and Environmental Applications, 6th International Conference SOCO 2011. Advances in Intelligent and Soft Computing, vol 87. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19644-7_38
Download citation
DOI: https://doi.org/10.1007/978-3-642-19644-7_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19643-0
Online ISBN: 978-3-642-19644-7
eBook Packages: EngineeringEngineering (R0)