Peter Maynard


Using Application Layer Metrics to Detect Advanced SCADA Attacks

Peter Maynard, Kieran McLaughlin, Sakir Sezer

Current state-of-the-art intrusion detection and network monitoring systems have a tendency to focus on the 'Five-Tuple' features (protocol, IP src/dst and port src/dst). As a result, there is a gap in visibility of security at the application level. We propose a collection of network application layer metrics to provide greater insight into SCADA communications. These metrics are devised from an analysis of the industrial control system (ICS) threat landscape and the current state-of-the-art detection systems. Our metrics are able to detect a range of adversary capabilities which goes beyond previous literature in the SCADA domain.

4th International Conference on Information Systems Security and Privacy (2018)

ICS, IDS, Network, SCADA, Security, SIEM


@conference{maynard2018using,
 author    = "Peter Maynard and Kieran McLaughlin and Sakir Sezer",
 title     = "Using Application Layer Metrics to Detect Advanced SCADA Attacks",
 booktitle = "4th International Conference on Information Systems Security and Privacy",
 year      = "2018",
 doi       = "10.5220/0006656204180425",
 url       = "http://www.scitepress.org/DigitalLibrary/Link.aspx?doi=10.5220/0006656204180425"
}