Proceedings of the 2011 Winter Simulation Conference (WSC), 2011, p.2614-2626
2011
Volltextzugriff (PDF)
Details
- Autor(en) / Beteiligte
- Titel
- An event buffer flooding attack in DNP3 controlled SCADA systems
- Ist Teil von
- Proceedings of the 2011 Winter Simulation Conference (WSC), 2011, p.2614-2626
- Ort / Verlag
- IEEE
- Erscheinungsjahr
- 2011
- Quelle
- IEEE Electronic Library Online
- Beschreibungen/Notizen
- The DNP3 protocol is widely used in SCADA systems (particularly electrical power) as a means of communicating observed sensor state information back to a control center. Typical architectures using DNP3 have a two level hierarchy, where a specialized data aggregator receives observed state from devices within a local region, and the control center collects the aggregated state from the data aggregator. The DNP3 communications are asynchronous across the two levels; this leads to the possibility of completely filling a data aggregator's buffer of pending events, when a compromised relay sends overly many (false) events to the data aggregator. This paper investigates the attack by implementing the attack using real SCADA system hardware and software. A Discrete-Time Markov Chain (DTMC) model is developed for understanding conditions under which the attack is successful and effective. The model is validated by a Möbius simulation model and data collected on a real SCADA testbed.
- Sprache
- Englisch
- Identifikatoren
- ISBN: 1457721082, 9781457721083ISSN: 0891-7736eISSN: 1558-4305DOI: 10.1109/WSC.2011.6147969Titel-ID: cdi_ieee_primary_6147969
- Format
- –
- Schlagworte
- Analytical models, Data models, Protocols, Radiation detectors, Relays, SCADA systems, Substations