U.S. Department of Energy
Office of Scientific and Technical Information

Real-Time SCADA Cyber Protection Using Compression Techniques

Conference · OSTI ID: 1122126

The Department of Energy’s Office of Electricity Delivery and Energy Reliability (DOE-OE) has a critical mission to secure the energy infrastructure from cyber attack. Through DOE-OE’s Cybersecurity for Energy Delivery Systems (CEDS) program, the Idaho National Laboratory (INL) has developed a method to detect malicious traffic on Supervisory Control and Data Acquisition (SCADA) networks using a data compression technique. SCADA network traffic is often repetitive, with only minor differences between packets. Research performed at the INL showed that SCADA network traffic has traits that make compression analysis well suited to identifying abnormal network traffic. An open source implementation of the Lempel-Ziv-Welch (LZW) lossless data compression algorithm was used to compress and analyze surrogate SCADA traffic. Infected SCADA traffic was found to have statistically significant differences in compression when compared against normal SCADA traffic at the packet level. The initial analyses clearly distinguish malicious network traffic from normal traffic at the packet level, with a very high confidence level across multiple ports and traffic streams. Statistical differentiation between infected and normal traffic was possible using a modified data compression technique at the 99% probability level for all data analyzed. However, the conditions tested were rather limited in scope and need to be expanded into more realistic simulations of hacking events, using techniques and approaches that are more representative of a real-world attack on a SCADA system. Nonetheless, the use of compression techniques to identify malicious traffic on SCADA networks in real time appears to have significant merit for infrastructure protection.
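As an added illustration (not INL's implementation and not code from the paper), the sketch below scores each packet by how many LZW codes it needs against a phrase table trained on known-good traffic, then flags packets whose codes-per-byte ratio deviates from the baseline at the two-sided 99% level. The frozen-table scoring, the z-score test and the Modbus/TCP-style sample frames are assumptions; the abstract does not say how the compression technique was modified.

```python
import statistics

def train_table(packets, max_entries=4096):
    """Grow a standard LZW phrase table over known-good packets."""
    table = {bytes([i]) for i in range(256)}
    for pkt in packets:
        phrase = b""
        for i in range(len(pkt)):
            cand = phrase + pkt[i:i + 1]
            if cand in table:
                phrase = cand
            else:
                if len(table) < max_entries:
                    table.add(cand)
                phrase = pkt[i:i + 1]
    return table

def code_ratio(pkt, table):
    """LZW codes per input byte against the frozen table (lower = more familiar)."""
    codes, phrase = 0, b""
    for i in range(len(pkt)):
        cand = phrase + pkt[i:i + 1]
        if cand in table:
            phrase = cand
        else:
            codes, phrase = codes + 1, pkt[i:i + 1]
    return (codes + 1) / len(pkt) if pkt else 0.0

def make_detector(table, calibration, z_limit=2.576):
    """Assumed decision rule: |z| above the two-sided 99% point of the baseline."""
    ratios = [code_ratio(p, table) for p in calibration]
    mean = statistics.mean(ratios)
    std = statistics.stdev(ratios) or 1e-9  # guard a perfectly uniform baseline
    score = lambda pkt: (code_ratio(pkt, table) - mean) / std
    return score, (lambda pkt: abs(score(pkt)) > z_limit)

# Constructed sample traffic (not from the paper): Modbus/TCP-style read responses
# that differ only in transaction id and one register value.
def frame(i):
    return bytes([0, i % 64, 0, 0, 0, 7, 1, 3, 4, 0, 100 + i % 3, 0, 50])

TRAIN = [frame(i) for i in range(256)]
CALIBRATE = [frame(i) for i in range(256, 356)]
# Constructed outlier: similar header, then payload bytes absent from the baseline.
ODD = bytes([0, 1, 0, 0, 0, 34, 1, 16]) + bytes(range(0x80, 0xA0))

TABLE = train_table(TRAIN)
score, is_anomalous = make_detector(TABLE, CALIBRATE)

if __name__ == "__main__":
    for name, pkt in (("baseline", frame(300)), ("outlier", ODD)):
        print(name, round(code_ratio(pkt, TABLE), 3), is_anomalous(pkt))
```

Freezing the table after training keeps a hostile packet from teaching the detector its own phrases; scoring a packet never modifies the baseline.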

Research Organization: Idaho National Laboratory (INL)
Sponsoring Organization: DOE - OE
DOE Contract Number: AC07-05ID14517
OSTI ID: 1122126
Report Number(s): INL/CON-13-28639
Country of Publication: United States
Language: English

Similar Records

SCADA Protocol Anomaly Detection Utilizing Compression (SPADUC) 2013
Technical Report · Mon Dec 31 23:00:00 EST 2012 · OSTI ID:1070143

An Evaluation of Machine Learning Methods to Detect Malicious SCADA Communications
Conference · Mon Dec 31 23:00:00 EST 2012 · OSTI ID:1111444

Security Evaluation of Two Intrusion Detection Systems in Smart Grid SCADA Environment
Conference · Sat Sep 01 00:00:00 EDT 2018 · 2018 North American Power Symposium (NAPS) · OSTI ID:1985687