Blog
About

  • Record: found
  • Abstract: found
  • Article: found
Is Open Access

A Practical flow white list approach for SCADA systems

, ,

4th International Symposium for ICS & SCADA Cyber Security Research 2016 (ICS-CSR)

Cyber Security Research

23 - 25 August 2016

white listing, critical infrastructure protection, SCADA networks.

Read this article at

Bookmark
      There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

      Abstract

      The blatant vulnerability of industrial control systems, including those controlling critical infrastructure, is now well known. There is a need for immediately applicable security solutions that do not interfere with normal operations. Intrusion detection through flow white listing is an approach that can detect multiple components of modern attacks such as pivoting and command and control channels. However, the white list approach is not compatible with current black listbased IDS technology. This paper presents a practical approach for implementing flow white listing in SCADA system. The approach extracts a flow white list from a known good packet capture and inverts the decision logic to programmatically generate a rule set that can be consumed by a black list-based IDS. A performance evaluation shows that the approach is viable for SCADA systems, where the number of communication pairs is limited and traffic is mostly deterministic.

      Related collections

      Most cited references 12

      • Record: found
      • Abstract: not found
      • Article: not found

      Leveraging determinism in industrial control systems for advanced anomaly detection and reliable security configuration

        Bookmark
        • Record: found
        • Abstract: not found
        • Article: not found

        Flow whitelisting in SCADA networks

          Bookmark
          • Record: found
          • Abstract: not found
          • Article: not found

          A first look into SCADA network traffic

            Bookmark

            Author and article information

            Affiliations
            École Polytechnique de Montréal
            Contributors
            Conference
            October 2016
            October 2016
            : 23-31
            10.14236/ewic/ICS2016.4
            © Lemay et al. Published byLearning & Development LtdProceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            4th International Symposium for ICS & SCADA Cyber Security Research 2016
            ICS-CSR
            4
            Queen’s Belfast University, UK
            23 - 25 August 2016
            Electronic Workshops in Computing (eWiC)
            Cyber Security Research
            Product
            Product Information: 1477-9358 BCS Learning & Development
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Electronic Workshops in Computing

            Comments

            Comment on this article