Abstract
Supervisory control and data acquisition (SCADA) systems form a vital part of the critical infrastructure. Such systems are subject to sophisticated attacks by subverted processes which can manipulate message content or forge authentic messages, undermining the action of the plant, whilst hiding the effects from operators. In this paper, we propose a novel network protocol which, using techniques related to IP Traceback, enables the efficient discovery of subverted nodes, assuming an initial detection event. We discuss its advantages over previous techniques in this area and provide a formal model.
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
McEvoy, T.R., Wolthusen, S.D. (2013). Defeating Node Based Attacks on SCADA Systems Using Probabilistic Packet Observation. In: Bologna, S., Hämmerli, B., Gritzalis, D., Wolthusen, S. (eds) Critical Information Infrastructure Security. CRITIS 2011. Lecture Notes in Computer Science, vol 6983. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41476-3_6
DOI: https://doi.org/10.1007/978-3-642-41476-3_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41475-6
Online ISBN: 978-3-642-41476-3
eBook Packages: Computer Science (R0)