Current state-of-the-art intrusion detection and network monitoring systems tend to focus on the 'five-tuple' features (protocol, IP src/dst and port src/dst). As a result, there is a gap in security visibility at the application level. We propose a collection of network application-layer metrics to provide greater insight into SCADA communications. These metrics are devised from an analysis of the industrial control system (ICS) threat landscape and of current state-of-the-art detection systems. Our metrics are able to detect a range of adversary capabilities that goes beyond previous literature in the SCADA domain.
4th International Conference on Information Systems Security and Privacy (2018)
ICS, IDS, Network, SCADA, Security, SIEM
@conference{maynard2018,
  author  = {Peter Maynard and Kieran McLaughlin and Sakir Sezer},
  title   = {Using Application Layer Metrics to Detect Advanced SCADA Attacks},
  journal = {4th International Conference on Information Systems Security and Privacy},
  year    = {2018},
  doi     = {http://dx.doi.org/10.5220/0006656204180425},
  url     = {http://www.scitepress.org/DigitalLibrary/Link.aspx?doi=10.5220/0006656204180425}
}