Locating subverted processes using random packet comparison in SCADA systems

Thomas Richard McEvoy and Stephen D. Wolthusen

International Journal of Critical Infrastructures, 2013, vol. 9, issue 1/2, 32-51

Abstract: A supervisory control and data acquisition (SCADA) system may be subject to integrity attacks. Anomalies in sensor measurements may be used to detect these attacks, but such techniques do not permit us to locate attacking nodes. We propose a novel technique to enable this. Each participating network node probabilistically copies packets and marks them with routing information, before encrypting them with private keys and forwarding them to the operator. Nodes regularly release the keys used to encrypt packets. At that point, the operator may compare the copied packets with the original. Using the differences in packet content and routing information, it is possible to deduce to within one or two processes the location of an attack. Our approach is based on IP traceback techniques originally used for detecting the origin of denial of service attacks. The complexity of the approach is low and the technique can be shown to be resilient to counter-attack.

Keywords: pi-calculus; supervisory control; data acquisition; SCADA systems; adversary detection; subverted processes; random packet comparison; integrity attacks; attacking node location; attack location; packet content; routing information; IP traceback; critical infrastructures.
Date: 2013

Downloads: (external link)
http://www.inderscience.com/link.php?id=51609 (text/html)
Access to full text is restricted to subscribers.

Persistent link: https://EconPapers.repec.org/RePEc:ids:ijcist:v:9:y:2013:i:1/2:p:32-51

More articles in International Journal of Critical Infrastructures from Inderscience Enterprises Ltd
Bibliographic data for series maintained by Sarah Parker.

 
Page updated 2025-03-19
Handle: RePEc:ids:ijcist:v:9:y:2013:i:1/2:p:32-51