A Burst-Based Whitelist Model for DNP3 Communication in the SCADA System

Provided by: Science and Development Network (SciDev.Net)
Topic: Security
Format: PDF
The Distributed Network Protocol Version 3 (DNP3) is widely used in SCADA systems as a means of communicating observed sensor state information back to a control center. In general, utilities that use DNP3 repeat their own limited set of operations, so a whitelist-based approach is clearly suitable for network intrusion detection. In this paper, the authors propose a burst-based whitelist model for utilities using DNP3. A burst is a group of consecutive packets whose inter-arrival times are shorter than those of the packets arriving before or after the burst. When utilities communicate over DNP3, one application-level transaction is mapped to one burst.
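The burst idea in the abstract, sketched as an added example (not code from the paper): packets are split into bursts on an inter-arrival gap, each burst is reduced to a signature, and bursts whose signature was never seen in training are flagged. The fixed gap threshold, the signature (direction plus DNP3 application function code) and the sample packets are assumptions constructed for illustration.

```python
from typing import Iterable, List, Set, Tuple

# (timestamp in seconds, direction, DNP3 application function code)
Packet = Tuple[float, str, int]
Signature = Tuple[Tuple[str, int], ...]

GAP_SECONDS = 0.5  # assumed burst boundary; tune per link from observed traffic


def split_bursts(packets: Iterable[Packet], gap: float = GAP_SECONDS) -> List[List[Packet]]:
    """Group time-ordered packets; a gap larger than `gap` starts a new burst."""
    bursts: List[List[Packet]] = []
    for pkt in sorted(packets):
        if bursts and pkt[0] - bursts[-1][-1][0] <= gap:
            bursts[-1].append(pkt)
        else:
            bursts.append([pkt])
    return bursts


def signature(burst: List[Packet]) -> Signature:
    """Assumed burst feature: ordered (direction, function code) pairs, timing dropped."""
    return tuple((direction, fc) for _, direction, fc in burst)


def learn_whitelist(packets: Iterable[Packet], gap: float = GAP_SECONDS) -> Set[Signature]:
    """Every burst signature seen in known-good traffic becomes a whitelist entry."""
    return {signature(b) for b in split_bursts(packets, gap)}


def detect(packets: Iterable[Packet], whitelist: Set[Signature],
           gap: float = GAP_SECONDS) -> List[Tuple[float, Signature]]:
    """Return (burst start time, signature) for bursts not on the whitelist."""
    return [(b[0][0], signature(b)) for b in split_bursts(packets, gap)
            if signature(b) not in whitelist]


# Constructed sample traffic. M>O = master to outstation, O>M = the reverse.
# 0x01 READ, 0x81 RESPONSE, 0x82 UNSOLICITED_RESPONSE, 0x00 CONFIRM, 0x0D COLD_RESTART
TRAINING = [(0.00, "M>O", 0x01), (0.05, "O>M", 0x81),
            (2.00, "M>O", 0x01), (2.04, "O>M", 0x81),
            (4.00, "O>M", 0x82), (4.03, "M>O", 0x00)]
LIVE = [(10.00, "M>O", 0x01), (10.05, "O>M", 0x81),
        (12.00, "M>O", 0x0D), (12.06, "O>M", 0x81),
        (14.00, "O>M", 0x82), (14.02, "M>O", 0x00)]

if __name__ == "__main__":
    for start, sig in detect(LIVE, learn_whitelist(TRAINING)):
        print(f"t={start:.2f}s unknown burst: {[(d, hex(fc)) for d, fc in sig]}")
```

The abstract defines a burst relative to the gaps around it, so a single fixed threshold is a simplification that only holds when polling intervals are much longer than intra-transaction delays.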