Stochastic Activity Networks: Structure, Behavior, and Application
International Workshop on Timed Petri Nets
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
SCADA systems: vulnerabilities and remediation
Journal of Computing Sciences in Colleges
Design Principles for Power Grid Cyber-Infrastructure Authentication Protocols
HICSS '10 Proceedings of the 2010 43rd Hawaii International Conference on System Sciences
Survey Cyber security in the Smart Grid: Survey and challenges
Computer Networks: The International Journal of Computer and Telecommunications Networking
Towards learning normality for anomaly detection in industrial control networks
AIMS'13 Proceedings of the 7th IFIP WG 6.6 international conference on Autonomous Infrastructure, Management, and Security: emerging management mechanisms for the future internet - Volume 7943
| Hi-index | 0.00 |
The DNP3 protocol is widely used in SCADA systems (particularly electrical power) as a means of communicating observed sensor state information back to a control center. Typical architectures using DNP3 have a two level hierarchy, where a specialized data aggregator receives observed state from devices within a local region, and the control center collects the aggregated state from the data aggregator. The DNP3 communications are asynchronous across the two levels; this leads to the possibility of completely filling a data aggregator's buffer of pending events, when a compromised relay sends overly many (false) events to the data aggregator. This paper investigates the attack by implementing the attack using real SCADA system hardware and software. A Discrete-Time Markov Chain (DTMC) model is developed for understanding conditions under which the attack is successful and effective. The model is validated by a Möbius simulation model and data collected on a real SCADA testbed.