Analysis of a SCADA System Anomaly Detection Model Based on Information Entropy

Abstract

SCADA (supervisory control and data acquisition) systems monitor and control many different types of critical infrastructure, such as power, water, transportation, and pipelines. These once-isolated systems are increasingly being connected to the internet to improve operations, which exposes them to attack. A SCADA operator receives automated alarms when system components operate outside normal thresholds. These alarms are susceptible to manipulation by an attacker. This research uses information theory to build an anomaly detection model that quantifies the uncertainty of the system based on alarm message frequency. Several attack scenarios, including an attacker injecting false alarms or hiding alarms, are statistically analyzed for their significance. This research evaluates the use of information theory for anomaly detection and the impact of different attack scenarios.

Document Details

Document Type: Technical Report
Publication Date: Mar 27, 2014
Accession Number: ADA610092

Entities

People

  • Jesse G. Wales

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Sensors

DTIC Thesaurus Topics

  • Air Force
  • Communication Systems
  • Computer Networks
  • Computer Programming
  • Computers
  • Control Systems
  • Cyberattacks
  • Data Acquisition
  • Databases
  • Detection
  • Detectors
  • Experimental Design
  • Information Science
  • Information Theory
  • Intrusion Detectors
  • Network Science
  • Test And Evaluation

Fields of Study

  • Computer science

Readers

  • Computational Modeling and Simulation
  • Cybersecurity
  • Sensor Fusion and Tracking Systems