Anomaly Detection in SCADA Network Traffic
Linköping University, Department of Computer and Information Science, Software and Systems.
2015 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

Critical infrastructure provides us with the most important parts of modern society: electricity, water and transport. To increase efficiency and to meet new demands from the customer, remote monitoring and control of the systems is necessary. This opens new ways for an attacker to reach the Supervisory Control And Data Acquisition (SCADA) systems that control and monitor the physical processes involved. This also increases the need for security features specially designed for these settings. Anomaly-based detection is a technique suitable for the more deterministic SCADA systems. This thesis uses a combination of two techniques to detect anomalies. The first technique is an automatic whitelist that learns the behavior of the network flows. The second technique utilizes the differences in arrival times of the network packets. A prototype anomaly detector has been developed in Bro. To analyze the IEC 60870-5-104 protocol, a new parser for Bro was also developed. The resulting anomaly detector was able to achieve a high detection rate for three of the four different types of attacks evaluated. The studied methods of detection are promising when used in a highly deterministic setting, such as a SCADA system.

Place, publisher, year, edition, pages
2015. 53 p.
National Category
Computer Engineering
Identifiers
URN: urn:nbn:se:liu:diva-122680
ISRN: LIU-IDA/LITH-EX-A--15/062--SE
OAI: oai:DiVA.org:liu-122680
DiVA: diva2:871439
External cooperation
Sectra Communications AB
Subject / course
Computer Engineering
Supervisors
Examiners
Available from: 2015-11-16. Created: 2015-11-13. Last updated: 2015-11-16. Bibliographically approved.

Open Access in DiVA

fulltext (1336 kB), 277 downloads
File information
File name: FULLTEXT01.pdf
File size: 1336 kB
Checksum (SHA-512):
ee646a5efef7554c40bfaa0cc96b0bbd99aa19aeac16b62b2c36665fb39a387ba000abe5a12237c8bf226d0b2f8370fc3b944d7ad19b414f56e542f0cd93e965
Type: fulltext
Mimetype: application/pdf

By author/editor
Udd, Robert