A Method to Construct Network Traffic Models for Process Control Systems

Nowadays, it is a well-known fact that modern Critical Infrastructures (CIs) depend on Information and Communication Technologies (ICT). Supervisory Control and Data Acquisition (SCADA) systems with off the shelf ICT hardware and software found their way in Process Control Systems (PCSs) due to their simplicity and cost-efficiency.However, recent incidents such as Stuxnet, Duqu and Night Dragon revealed new ICT vulnerabilities and attack scenarios in PCSs. Consequently, today we find several approaches for conducting security studies on SCADA systems. Nevertheless, as shown by recent events, security studies on real SCADA systems are challenging due to the lack of proper experimentation environments. Through this work we develop a method to generate realistic network traffic in laboratory conditions without the need of a real PCS installation. Our main contribution is that this could be the basis of future anomaly detection systems and it could support experimentation through the recreation of realistic traffic in simulated environments. The accuracy and fidelity of the proposed approach was validated with several statistical methods that compare the predicted traffic with traffic taken from a real installation.

GARITANO Inaki;  SIATERLIS Christos;  GENGE Bela;  URIBEETXEBERRIA Roberto;  ZURUTUZA Urko; 

2013-08-13

IEEE

JRC69998

978-1-4673-4737-2,   

1946-0759,   

http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6489550&tag=1,    https://publications.jrc.ec.europa.eu/repository/handle/JRC69998,   

10.1109/ETFA.2012.6489550,