Burst-based Anomaly Detection on the DNP3 Protocol

Provided by: Science & Engineering Research Support soCiety (SERSC)
Topic: Security
Format: PDF
The potential effectiveness of cyber-attacks against SCADA systems could be increased because they are connected to the Internet for several purposes. The Distributed Network Protocol version 3 (DNP3) protocol is widely used in SCADA systems as a means of communicating observed sensor state information back to a control center. Previous DNP3 security researches are based on such specifications as attack signatures and protocol-based authorization. The provision of an exact and detailed specification is a good security criterion, but the drafting of proper specifications tends to be a time-consuming and error-prone process.

Find By Topic