      A Practical flow white list approach for SCADA systems

      4th International Symposium for ICS & SCADA Cyber Security Research 2016 (ICS-CSR)

      Cyber Security Research

      23 - 25 August 2016

      white listing, critical infrastructure protection, SCADA networks.


          Abstract

          The blatant vulnerability of industrial control systems, including those controlling critical infrastructure, is now well known. There is a need for immediately applicable security solutions that do not interfere with normal operations. Intrusion detection through flow white listing is an approach that can detect multiple components of modern attacks, such as pivoting and command and control channels. However, the white list approach is not compatible with current black list-based IDS technology. This paper presents a practical approach for implementing flow white listing in SCADA systems. The approach extracts a flow white list from a known good packet capture and inverts the decision logic to programmatically generate a rule set that can be consumed by a black list-based IDS. A performance evaluation shows that the approach is viable for SCADA systems, where the number of communication pairs is limited and traffic is mostly deterministic.

                Author and article information

                Contributors
                Conference
                October 2016
                Pages: 23-31
                Affiliations
                École Polytechnique de Montréal
                Article
                10.14236/ewic/ICS2016.4
                © Lemay et al. Published by Learning & Development Ltd. Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016

                This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

                Queen’s Belfast University, UK
                Electronic Workshops in Computing (eWiC)
                Product
                Product Information: 1477-9358 BCS Learning & Development
                Self URI (journal page): https://ewic.bcs.org/