Anomaly Detection Based on Burst Characteristics for DNP3
- Other Titles
- Anomaly Detection Based on Burst Characteristics for DNP3
- Authors
- 하기웅; 임대운; 장민호; 장지웅
- Issue Date
- Jul-2018
- Publisher
- 한국통신학회
- Keywords
- Anomaly Detection; Burst-based; DNP3; Intrusion Detection; SCADA; White List
- Citation
- 한국통신학회논문지, v.43, no.7, pp 1084 - 1099
- Pages
- 16
- Indexed
- KCI
- Journal Title
- 한국통신학회논문지
- Volume
- 43
- Number
- 7
- Start Page
- 1084
- End Page
- 1099
- URI
- https://scholarworks.dongguk.edu/handle/sw.dongguk/9334
- DOI
- 10.7840/kics.2018.43.7.1084
- ISSN
- 1226-4717; 2287-3880
- Abstract
- The SCADA (supervisory control and data acquisition) system has many existing security vulnerabilities because the systems are connected over network-based communications. Whereas conventional attacks concentrate on the server or master in the internet environment, direct attacks on outstations or slaves may cause significant damage in the SCADA system. If an attacker has good knowledge of the control protocols of the SCADA system, it could attack an outstation while disguised as a master. In this situation, a rule-based intrusion detection system might not be able to classify the malicious control message as an intrusion because the message appears to be a normal message. In this paper, an intrusion detection model based on the burst characteristics of the SCADA system with DNP3 (distributed network protocol) is proposed for outstations. Using the challenge-response authentication of the DNP3 protocol, the proposed model automatically updates a white list used to determine the control message.
- Files in This Item
- There are no files associated with this item.
- Appears in Collections
- College of Engineering > Department of Information and Communication Engineering > 1. Journal Articles