Abstract
AbstractSupervisory control and data acquisition systems (SCADA) are attractive targets due to their widespread use in the critical infrastructure. A large percentage of attacks involve crafted inputs. Buffer overflows, a form of crafted input attack, are still common. These attacks can be used to take over SCADA systems or force them to crash. The compromised systems could be leveraged to issue commands to other devices in a SCADA network and cause harm.This chapter presents a novel forensic tool that enables operators to detect crafted input attacks and monitor SCADA systems and networks for harmful actions. The tool incorporates several language-theoretic security-compliant parsers to ensure the syntactic validity of communications, enabling the detection of zero-day attacks that leverage crafted packets. The tool also detects attacks triggered using legacy protocols and includes graphical user interfaces, command-line interfaces and tools for comparing network traffic against configuration files to detect malicious activities. Experimental evaluations of the parsers using a large SCADA network traffic dataset demonstrate their efficacy. Fuzzing experiments demonstrate the resilience of the parsers as well as the tool itself.KeywordsSCADA systemslanguage-theoretic securityforensics
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
