liu.seSearch for publications in DiVA
Change search
ReferencesLink to record
Permanent link

Direct link
Anomaly Detection in SCADA Network Traffic
Linköping University, Department of Computer and Information Science, Software and Systems.
2015 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Critical infrastructure provides us with the most important parts of modern society, electricity, water and transport. To increase efficiency and to meet new demands from the customer remote monitoring and control of the systems is necessary. This opens new ways for an attacker to reach the Supervisory Control And Data Acquisition (SCADA) systems that control and monitors the physical processes involved. This also increases the need for security features specially designed for these settings. Anomaly-based detection is a technique suitable for the more deterministic SCADA systems. This thesis uses a combination of two techniques to detect anomalies. The first technique is an automatic whitelist that learns the behavior of the network flows. The second technique utilizes the differences in arrival times of the network packets. A prototype anomaly detector has been developed in Bro. To analyze the IEC 60870-5-104 protocol a new parser for Bro was also developed. The resulting anomaly detector was able to achieve a high detection rate for three of the four different types of attacks evaluated. The studied methods of detection are promising when used in a highly deterministic setting, such as a SCADA system.

Place, publisher, year, edition, pages
2015. , 53 p.
National Category
Computer Engineering
URN: urn:nbn:se:liu:diva-122680ISRN: LIU-IDA/LITH-EX-A--15/062—SEOAI: diva2:871439
External cooperation
Sectra Communications AB
Subject / course
Computer Engineering
Available from: 2015-11-16 Created: 2015-11-13 Last updated: 2015-11-16Bibliographically approved

Open Access in DiVA

fulltext(1336 kB)190 downloads
File information
File name FULLTEXT01.pdfFile size 1336 kBChecksum SHA-512
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Udd, Robert
By organisation
Software and Systems
Computer Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 190 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 279 hits
ReferencesLink to record
Permanent link

Direct link