TY - GEN
T1 - An event buffer flooding attack in DNP3 controlled SCADA systems
AU - Jin, Dong
AU - Nicol, David M.
AU - Yan, Guanhua
PY - 2011
Y1 - 2011
N2 - The DNP3 protocol is widely used in SCADA systems (particularly electrical power) as a means of communicating observed sensor state information back to a control center. Typical architectures using DNP3 have a two-level hierarchy, where a specialized data aggregator receives observed state from devices within a local region, and the control center collects the aggregated state from the data aggregator. The DNP3 communications are asynchronous across the two levels; this leads to the possibility of completely filling a data aggregator's buffer of pending events, when a compromised relay sends overly many (false) events to the data aggregator. This paper investigates the attack by implementing the attack using real SCADA system hardware and software. A Discrete-Time Markov Chain (DTMC) model is developed for understanding conditions under which the attack is successful and effective. The model is validated by a Möbius simulation model and data collected on a real SCADA testbed.
UR - http://www.scopus.com/inward/record.url?scp=84858047755&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84858047755&partnerID=8YFLogxK
U2 - 10.1109/WSC.2011.6147969
DO - 10.1109/WSC.2011.6147969
M3 - Conference contribution
AN - SCOPUS:84858047755
SN - 9781457721083
T3 - Proceedings - Winter Simulation Conference
SP - 2614
EP - 2626
BT - Proceedings of the 2011 Winter Simulation Conference, WSC 2011
T2 - 2011 Winter Simulation Conference, WSC 2011
Y2 - 11 December 2011 through 14 December 2011
ER -