liu.seSearch for publications in DiVA
Change search
ReferencesLink to record
Permanent link

Direct link
Exploiting Bro for Intrusion Detection in a SCADA System
Sectra AB, Linköping, Sweden.
Linköping University, Department of Computer and Information Science, Software and Systems. Linköping University, Faculty of Science & Engineering. (Real-time Systems Laboratory)ORCID iD: 0000-0003-1916-3398
Linköping University, Department of Computer and Information Science, Software and Systems. Linköping University, Faculty of Science & Engineering. (Real-time Systems Laboratory)
The Royal Institute of Technology, Stockholm, Sweden. (Industrial Information and Control Systems)
Show others and affiliations
2016 (English)In: Proceedings of the 2nd ACM International Workshop on Cyber-Physical System Security, ACM Digital Library, 2016, 44-51 p.Conference paper (Refereed)
Abstract [en]

Supervisory control and data acquisition (SCADA) systemsthat run our critical infrastructure are increasingly run withInternet-based protocols and devices for remote monitoring.The embedded nature of the components involved, and thelegacy aspects makes adding new security mechanisms in anefficient manner far from trivial. In this paper we studyan anomaly detection based approach that enables detect-ing zero-day malicious threats and benign malconfigurationsand mishaps. The approach builds on an existing platform(Bro) that lends itself to modular addition of new proto-col parsers and event handling mechanisms. As an examplewe have shown an application of the technique to the IEC-60870-5-104 protocol and tested the anomaly detector withmixed results. The detection accuracy and false positiverate, as well as real-time response was adequate for 3 ofour 4 created attacks. We also discovered some additionalwork that needs to be done to an existing protocol parser toextend its reach.

Place, publisher, year, edition, pages
ACM Digital Library, 2016. 44-51 p.
Keyword [en]
Anomaly detection, IDS, Bro, SCADA, IEC 60870-5-104
National Category
Computer Science
URN: urn:nbn:se:liu:diva-131559DOI: 10.1145/2899015.2899028ISBN: 978-1-4503-4288-9OAI: diva2:974379
2nd ACM Cyber-Physical System Security Workshop (CPSS 2016), held in conjunction with ACM Asia Conference on Computer and Communications Security (Asia CCS'16), Xi’an, China, May 30 - June 03, 2016
VINNOVASwedish Civil Contingencies AgencyLinköpings universitet
Available from: 2016-09-26 Created: 2016-09-26 Last updated: 2016-10-03Bibliographically approved

Open Access in DiVA

fulltext(1667 kB)3 downloads
File information
File name FULLTEXT02.pdfFile size 1667 kBChecksum SHA-512
Type fulltextMimetype application/pdf

Other links

Publisher's full text

Search in DiVA

By author/editor
Asplund, MikaelNadjm-Tehrani, Simin
By organisation
Software and SystemsFaculty of Science & Engineering
Computer Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 3 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Altmetric score

Total: 17 hits
ReferencesLink to record
Permanent link

Direct link