Title :
A transfer function based intrusion detection system for SCADA systems
Author :
Papa, S. ; Casper, W. ; Nair, Saurabh
Author_Institution :
Lockheed Martin Aeronaut., Fort Worth, TX, USA
Abstract :
Most SCADA and industrial control systems have a limited and deterministic set of behaviors that results with a relatively small amount of variability during normal system operation. Automatic controller commands, operator commands and sensor measurement data within the system may be modified by an attacker to cause system failures. To detect these intrusions a Transfer Function based Intrusion Detection System (TFIDS) is proposed in this paper. Normal operational behaviors can be modeled and integrated into the TFIDS with alarm filtering and reporting rules. Trust anchors within the system are required to collect some of the signals, ensure the signal integrity when delivered to the TFIDS, and to host the TFIDS if physical attacks are a concern. This paper provides an overview of the TFIDS and simulation results for attacks on a waste water treatment system with and without the TFIDS.
Keywords :
SCADA systems; filtering theory; security of data; system recovery; transfer functions; SCADA systems; TFIDS; alarm filtering; automatic controller commands; industrial control systems; normal operational behaviors; normal system operation; operator commands; reporting rules; sensor measurement data; signal integrity; system failure; transfer function based intrusion detection system; trust anchors; waste water treatment system; IP networks; Intrusion detection; Mathematical model; Reservoirs; SCADA systems; Servers; Transfer functions; SCADA; embedded security; intrusion detection system; secure hardware; secure software; trust; trust anchor;
Conference_Titel :
Homeland Security (HST), 2012 IEEE Conference on Technologies for
Conference_Location :
Waltham, MA
Print_ISBN :
978-1-4673-2708-4
DOI :
10.1109/THS.2012.6459831
