Abstract
Modern critical infrastructures, such as water distribution and power generation, are large facilities that are distributed over large geographical areas. Supervisory Control and Data Acquisition (SCADA) networks are deployed to guarantee the correct operation and safety of these infrastructures. In this paper, we describe key characteristics of SCADA traffic and verify whether models developed for traffic in traditional IT networks are applicable. Our results show that SCADA traffic differs largely from traditional IT traffic, most noticeably in that it does not present diurnal patterns or self-similar correlations in the time series.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Barbosa, R.R.R., Sadre, R., Pras, A. (2012). Difficulties in Modeling SCADA Traffic: A Comparative Analysis. In: Taft, N., Ricciato, F. (eds) Passive and Active Measurement. PAM 2012. Lecture Notes in Computer Science, vol 7192. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28537-0_13
DOI: https://doi.org/10.1007/978-3-642-28537-0_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28536-3
Online ISBN: 978-3-642-28537-0
eBook Packages: Computer Science, Computer Science (R0)