Difficulties in Modeling SCADA Traffic: A Comparative Analysis

  • Conference paper
Passive and Active Measurement (PAM 2012)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 7192)

Abstract

Modern critical infrastructures, such as water distribution and power generation, are large facilities distributed over large geographical areas. Supervisory Control and Data Acquisition (SCADA) networks are deployed to guarantee the correct operation and safety of these infrastructures. In this paper, we describe key characteristics of SCADA traffic and verify whether models developed for traffic in traditional IT networks are applicable. Our results show that SCADA traffic differs largely from traditional IT traffic, most noticeably in that it presents neither diurnal patterns nor self-similar correlations in the time series.


Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Barbosa, R.R.R., Sadre, R., Pras, A. (2012). Difficulties in Modeling SCADA Traffic: A Comparative Analysis. In: Taft, N., Ricciato, F. (eds) Passive and Active Measurement. PAM 2012. Lecture Notes in Computer Science, vol 7192. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28537-0_13

  • DOI: https://doi.org/10.1007/978-3-642-28537-0_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28536-3

  • Online ISBN: 978-3-642-28537-0

  • eBook Packages: Computer Science (R0)
