Blog
About

25
views
0
recommends
+1 Recommend
0 collections
    0
    shares
      • Record: found
      • Abstract: found
      • Article: found
      Is Open Access

      Passive Fingerprinting of SCADA in Critical Infrastructure Network without Deep Packet Inspection

      Preprint

      , , ,

      Read this article at

      Bookmark
          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

          Abstract

          We present the first technique of passive fingerprinting for Supervisory Control And Data Acquisition (SCADA) networks without Deep Packet Inspection (DPI) and experience on real environment. Unlike existing work, our method does not rely on the functions of a specific product or DPI of the SCADA protocol. Our inference method, which is based on the intrinsic characteristics of SCADA, first identifies the network port used for the SCADA protocol, then consecutively infers the field devices and master server. We evaluated the effectiveness of our method using two network traces collected from a real environment for a month and a half, three days from different CI respectively. This confirmed the ability of our method to capture most of the SCADA with high F-score nearly 1, except for HMIs connected to master server, and demonstrated the practical applicability of the method.

          Related collections

          Author and article information

          Journal
          2016-08-27
          Article
          1608.07679

          http://arxiv.org/licenses/nonexclusive-distrib/1.0/

          Custom metadata
          IEEE 8 pages, submitted
          cs.CR

          Security & Cryptology

          Comments

          Comment on this article