Understanding IEC-60870-5-104 Traffic Patterns in SCADA Networks
Linköping University, Department of Computer and Information Science, Software and Systems. Linköping University, Faculty of Science & Engineering. (RTSLAB - Real-Time Systems Laboratory) ORCID iD: 0000-0003-2596-9355
Linköping University, Department of Computer and Information Science, Software and Systems. Linköping University, Faculty of Science & Engineering. (RTSLAB - Real-Time Systems Laboratory) ORCID iD: 0000-0002-1485-0802
2018 (English). In: Proceedings of the 4th ACM Workshop on Cyber-Physical System Security, NY, USA: ACM, 2018, p. 51-60. Conference paper, Published paper (Refereed)
Abstract [en]

The IEC-60870-5-104 (IEC-104) protocol is commonly used in Supervisory Control and Data Acquisition (SCADA) networks to operate critical infrastructures, such as power stations. As the importance of SCADA security is growing, characterization and modeling of SCADA traffic for developing defense mechanisms based on the regularity of the polling mechanism used in SCADA systems has been studied, whereas the characterization of traffic caused by non-polling mechanisms, such as spontaneous events, has not been well-studied. This paper provides a first look at how the traffic flowing between SCADA components changes over time. It proposes a method built upon Probabilistic Suffix Tree (PST) to discover the underlying timing patterns of spontaneous events. In 11 out of 14 tested data sequences, we see evidence of existence of underlying patterns. Next, the prediction capability of the approach, useful for devising anomaly detection mechanisms, is studied. While some data patterns enable an 80% prediction possibility, more work is needed to tune the method for higher accuracy.

Place, publisher, year, edition, pages
NY, USA: ACM, 2018. p. 51-60
Series
CPSS ’18
Keywords [en]
iec-60870-5-104, probabilistic suffix tree (pst), scada, traffic patterns
National Category
Communication Systems
Identifiers
URN: urn:nbn:se:liu:diva-154412
DOI: 10.1145/3198458.3198460
ISI: 000461237800008
ISBN: 978-1-4503-5755-5 (print)
OAI: oai:DiVA.org:liu-154412
DiVA, id: diva2:1287470
Conference
CPSS, Incheon, Korea, June 4, 2018
Projects
RICS (Resilient Information and Control Systems)
Note

Funding agencies: Swedish Civil Contingencies Agency (MSB)

Available from: 2019-02-11. Created: 2019-02-11. Last updated: 2019-04-01. Bibliographically approved

By author/editor
Lin, Chih-Yuan; Nadjm-Tehrani, Simin