U.S. Department of Energy
Office of Scientific and Technical Information

SCADA Protocol Anomaly Detection Utilizing Compression (SPADUC) 2013

Technical Report · DOI: https://doi.org/10.2172/1070143 · OSTI ID: 1070143
 [1];  [1];  [1]
  1. Idaho National Laboratory (INL), Idaho Falls, ID (United States)

There is a significant need to protect the nation’s energy infrastructures from malicious actors using cyber methods. Supervisory Control and Data Acquisition (SCADA) systems may be vulnerable due to the insufficient security implemented during the design and deployment of these control systems. This is particularly true in older legacy SCADA systems that are still commonly in use. The purpose of INL’s research on the SCADA Protocol Anomaly Detection Utilizing Compression (SPADUC) project was to determine if and how data compression techniques could be used to identify and protect SCADA systems from cyber attacks. Initially, the concept was centered on how to train a compression algorithm to recognize normal control system traffic versus hostile network traffic. Because large portions of the TCP/IP message traffic (called packets) are repetitive, the concept of using compression techniques to differentiate “non-normal” traffic was proposed. In this manner, malicious SCADA traffic could be identified at the packet level prior to completing its payload. Previous research has shown that SCADA network traffic has traits desirable for compression analysis. This work investigated three different approaches to identify malicious SCADA network traffic using compression techniques. The preliminary analyses and results presented herein are clearly able to differentiate normal from malicious network traffic at the packet level at a very high confidence level for the conditions tested. Additionally, the master dictionary approach used in this research appears to initially provide a meaningful way to categorize and compare packets within a communication channel.
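The general idea in the abstract, as an added example that is not code from the report and does not reproduce any of its three approaches (the abstract does not describe them): a deflate preset dictionary is built from baseline traffic, and each packet is scored by how well it compresses against that dictionary. The Modbus/TCP frames, function names, and threshold rule are assumptions constructed for this illustration.

```python
import struct
import zlib

def read_request(tid, unit, addr, count=10):
    """Modbus/TCP 'read holding registers' frame: MBAP header + PDU (function 3)."""
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, 3, addr, count)

def build_dictionary(packets, max_size=32768):
    """Preset deflate dictionary: baseline packets concatenated, capped at the 32 KiB window."""
    return b"".join(packets)[-max_size:]

def score(packet, zdict):
    """Compressed/raw size ratio; low when the packet repeats dictionary content."""
    comp = zlib.compressobj(level=9, wbits=-15, zdict=zdict)  # raw deflate, no header bytes
    return len(comp.compress(packet) + comp.flush()) / len(packet)

def calibrate(held_out, zdict):
    """Threshold = worst (highest) ratio seen on held-out normal traffic."""
    return max(score(p, zdict) for p in held_out)

def is_anomalous(packet, zdict, threshold):
    return score(packet, zdict) > threshold

# Constructed sample traffic: one master polling 3 units x 4 register blocks.
UNITS, ADDRS = (1, 2, 3), (0x0000, 0x0010, 0x0020, 0x0030)

def poll(tids):
    return [read_request(t, UNITS[t % 3], ADDRS[t % 4]) for t in tids]

TRAIN = poll(range(1, 151))        # builds the dictionary
HELD_OUT = poll(range(151, 201))   # normal traffic not in the dictionary, sets the threshold
ZDICT = build_dictionary(TRAIN)
THRESHOLD = calibrate(HELD_OUT, ZDICT)

NORMAL = read_request(201, 1, 0x0010)
# Constructed frame whose function code (16) and payload never occur in the baseline.
OUT_OF_PROFILE = (
    struct.pack(">HHHBBHHB", 202, 0, 15, 1, 16, 0x0100, 4, 8)
    + bytes.fromhex("f1e2d3c4b5a69798")
)

if __name__ == "__main__":
    for name, pkt in (("normal", NORMAL), ("out-of-profile", OUT_OF_PROFILE)):
        print(name, round(score(pkt, ZDICT), 2), is_anomalous(pkt, ZDICT, THRESHOLD))
```

The threshold is calibrated on held-out normal packets rather than on the dictionary's own packets, because a packet already in the dictionary compresses better than any new normal packet with a fresh transaction ID would.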

Research Organization: Idaho National Laboratory (INL), Idaho Falls, ID (United States)
Sponsoring Organization: USDOE Office of Electricity (OE)
DOE Contract Number: AC07-05ID14517
OSTI ID: 1070143
Report Number(s): INL/EXT--13-28273
Country of Publication: United States
Language: English

Similar Records

Real-Time SCADA Cyber Protection Using Compression Techniques
Conference · Fri Nov 01 00:00:00 EDT 2013 · OSTI ID:1122126

Security Evaluation of Two Intrusion Detection Systems in Smart Grid SCADA Environment
Conference · Sat Sep 01 00:00:00 EDT 2018 · 2018 North American Power Symposium (NAPS) · OSTI ID:1985687

An Evaluation of Machine Learning Methods to Detect Malicious SCADA Communications
Conference · Mon Dec 31 23:00:00 EST 2012 · OSTI ID:1111444