Read the book SCADA Security - Xun Yi - Page 19

1.5 BOOK ORGANIZATION


The remainder of the book is structured as follows. Chapter 2 gives an introduction for readers who do not have an understanding of SCADA systems, their architectures, and their main components. This includes a description of the relationship between the main components and three generations of SCADA systems. The classification of a SCADA IDS based on its architecture and implementation is described.

Chapter 3 describes in detail SCADAVT, a framework for a SCADA security testbed based on virtualization technology. This framework is used to create a simulation of the main SCADA system components and a controlled environment. The main SCADA components and real SCADA protocol (e.g., Modbus/TCP) are integrated. In addition, a server, which acts as a surrogate for water distribution systems, is introduced. This framework is used throughout the book to simulate a realistic SCADA system for supervising and controlling a water distribution system. This simulation is mentioned in the other chapters to evaluate and test anomaly detection models for SCADA systems.

Chapter 4 describes in detail NNVWC, an efficient method that finds the k‐nearest neighbors in large and high‐dimensional data. In NNVWC, a new various‐widths clustering algorithm is introduced, where the data is partitioned into a number of clusters using various widths. Triangle inequality is adapted to prune unlikely clusters in the search process of k‐nearest neighbors for an observation. Experimental results show that NNVWC performs well in finding k‐nearest neighbors compared to a number of k‐nearest neighbor‐based algorithms, especially for a data set with high dimensions, various distributions, and large size.

Chapter 5 describes SDAD, a method that extracts proximity‐based detection rules from unlabeled SCADA data, based on a clustering‐based method. The evaluation of SDAD is carried out using real and simulated data sets. The extracted proximity‐based detection rules show a significant detection accuracy rate compared with an existing clustering‐based intrusion detection algorithm.

Chapter 6 describes GATUD, a method that finds a global and efficient anomaly threshold. GATUD is proposed as an add‐on component that can be attached to any unsupervised anomaly detection method in order to define the near‐optimal anomaly threshold. GATUD shows significant and promising results with two unsupervised anomaly detection methods.

Chapter 7 looks at the authentication aspects related to SCADA environments. It describes two innovative protocols which are based on TPASS (Threshold Password‐Authenticated Secret Sharing) protocols; one is built on two‐phase commitment and has lower computation complexity, and the other is based on zero‐knowledge proof and has fewer communication rounds. Both protocols are particularly efficient for the client, who only needs to send a request and receive a response. Additionally, this chapter provides rigorous proofs of security for the protocols in the standard model.

Finally, Chapter 8 concludes with a summary of the various tools and methods described in this book to the extant body of research and suggests possible directions for future research.
