
Defeating Node Based Attacks on SCADA Systems Using Probabilistic Packet Observation

  • Conference paper: Critical Information Infrastructure Security (CRITIS 2011)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6983)

Abstract

Supervisory control and data acquisition (SCADA) systems form a vital part of the critical infrastructure. Such systems are subject to sophisticated attacks by subverted processes which can manipulate message content or forge authentic messages, undermining the action of the plant, whilst hiding the effects from operators. In this paper, we propose a novel network protocol which, using techniques related to IP Traceback, enables the efficient discovery of subverted nodes, assuming an initial detection event. We discuss its advantages over previous techniques in this area and provide a formal model.




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

Cite this paper

McEvoy, T.R., Wolthusen, S.D. (2013). Defeating Node Based Attacks on SCADA Systems Using Probabilistic Packet Observation. In: Bologna, S., Hämmerli, B., Gritzalis, D., Wolthusen, S. (eds) Critical Information Infrastructure Security. CRITIS 2011. Lecture Notes in Computer Science, vol 6983. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41476-3_6


  • DOI: https://doi.org/10.1007/978-3-642-41476-3_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41475-6

  • Online ISBN: 978-3-642-41476-3

  • eBook Packages: Computer Science (R0)
