Communication pattern anomaly detection in process control systems

Author

Valdes, Alfonso ; Cheung, Steven

Author_Institution

SRI Int., Menlo Park, CA, USA

fYear

2009

fDate

11-12 May 2009

Firstpage

22

Lastpage

29

Abstract

Digital control systems are increasingly being deployed in critical infrastructure such as electric power generation and distribution. To protect these process control systems, we present a learning-based approach for detecting anomalous network traffic patterns. These anomalous patterns may correspond to attack activities such as malware propagation or denial of service. Misuse detection, the mainstream intrusion detection approach used today, typically uses attack signatures to detect known, specific attacks, but may not be effective against new or variations of known attacks. Our approach, which does not rely on attack-specific knowledge, may provide a complementary detection capability for protecting digital control systems.

Keywords

digital control; digital signatures; telecommunication control; telecommunication traffic; anomalous network traffic pattern detection; attack signature; digital control system; learning-based approach; misuse detection; process control system; Communication system traffic control; Computer crime; Distributed control; Intrusion detection; Learning; Master-slave; Pattern matching; Process control; Programmable control; Training data;

fLanguage

English

Publisher

ieee

Conference_Titel

Technologies for Homeland Security, 2009. HST '09. IEEE Conference on

Conference_Location

Boston, MA

Print_ISBN

978-1-4244-4178-5

Type

conf

DOI

10.1109/THS.2009.5168010

Filename

5168010