Flow whitelisting in SCADA networks

Rafael Ramos Regis Barbosa, Ramin Sadre, Aiko Pras

Publikation: Bidrag til tidsskriftTidsskriftartikelForskningpeer review

49 Citationer (Scopus)
1157 Downloads (Pure)


Supervisory control and data acquisition (SCADA) networks are commonly deployed in large industrial facilities. Modern SCADA networks are becoming more vulnerable to cyber attacks due to the common use of standard communications protocols and increased interconnections with corporate networks and the Internet. This paper describes an approach for improving the security of SCADA networks using flow whitelisting. A flow whitelist describes legitimate traffic based on four properties of network packets: client address, server address, server-side port and transport protocol. The proposed approach incorporates a learning phase in which a flow whitelist is learned by capturing network traffic over a period of time and aggregating it into flows. After the learning phase is complete, any non-whitelisted connection observed generates an alarm. The evaluation of the approach focuses on two important whitelist characteristics: size and stability. The applicability of the approach is demonstrated using real-world traffic traces captured at two water treatment plants and at an electric-gas utility.
TidsskriftInternational Journal of Critical Infrastructure Protection
Udgave nummer3-4
Sider (fra-til)150-158
Antal sider9
StatusUdgivet - 2013

Fingeraftryk Dyk ned i forskningsemnerne om 'Flow whitelisting in SCADA networks'. Sammen danner de et unikt fingeraftryk.