An event buffer flooding attack in DNP3 controlled SCADA systems

The DNP3 protocol is widely used in SCADA systems (particularly electrical power) as a means of communicating observed sensor state information back to a control center. Typical architectures using DNP3 have a two level hierarchy, where a specialized data aggregator receives observed state from devi...

Bibliographic details
Main authors: Dong Jin, Nicol, D. M., Guanhua Yan
Format: Conference proceedings
Language: eng
container_end_page 2626
container_issue
container_start_page 2614
container_title
container_volume
creator Dong Jin
Nicol, D. M.
Guanhua Yan
description The DNP3 protocol is widely used in SCADA systems (particularly electrical power) as a means of communicating observed sensor state information back to a control center. Typical architectures using DNP3 have a two level hierarchy, where a specialized data aggregator receives observed state from devices within a local region, and the control center collects the aggregated state from the data aggregator. The DNP3 communications are asynchronous across the two levels; this leads to the possibility of completely filling a data aggregator's buffer of pending events, when a compromised relay sends overly many (false) events to the data aggregator. This paper investigates the attack by implementing the attack using real SCADA system hardware and software. A Discrete-Time Markov Chain (DTMC) model is developed for understanding conditions under which the attack is successful and effective. The model is validated by a Möbius simulation model and data collected on a real SCADA testbed.
doi_str_mv 10.1109/WSC.2011.6147969
format Conference Proceeding
identifier ISSN: 0891-7736
ispartof Proceedings of the 2011 Winter Simulation Conference (WSC), 2011, p.2614-2626
issn 0891-7736
1558-4305
language eng
recordid cdi_ieee_primary_6147969
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Analytical models
Data models
Protocols
Radiation detectors
Relays
SCADA systems
Substations
title An event buffer flooding attack in DNP3 controlled SCADA systems