Abstract
Industrial Control Systems (ICS) are critical systems to our society. Yet they are less studied given their closed nature and the frequent unavailability of data. While a few studies focus on wide-area SCADA systems, e.g., power or gas distribution networks, mission-critical networks that control power generation have not yet been studied. To address this gap, we perform the first measurement study of Distributed Control Systems (DCS) by analyzing traces from all network levels from several operational power plants. We show that DCS networks feature a rather rich application mix compared to wide-area SCADA networks and that applications and sites can be fingerprinted with statistical means. Because traces from operational power plants are hard to obtain, we analyze to what extent easier-to-access training facilities can be used as vantage points. Our study aims to shed light on traffic properties of critical industries that have not yet been analyzed given the lack of data.
Acknowledgement
Franka Schuster acknowledges funding by the German Federal Ministry of Education and Research (BMBF) grant WAIKIKI (funding reference number: 16KIS1198K).
Contributions
This study has been solely conducted by Stefan Mehner (main author) on a previously captured dataset as part of his PhD thesis. The study design was developed by Stefan Mehner and Oliver Hohlfeld. All authors contributed to the discussion and writing of the paper.
A Appendix
A.1 Power Plant Training Facility Dataset
A.2 Bin Sizes Used for Protocol Clustering
A.3 Payload Similarity and Clustering Results
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Mehner, S., Schuster, F., Hohlfeld, O. (2022). Lights on Power Plant Control Networks. In: Hohlfeld, O., Moura, G., Pelsser, C. (eds) Passive and Active Measurement. PAM 2022. Lecture Notes in Computer Science, vol 13210. Springer, Cham. https://doi.org/10.1007/978-3-030-98785-5_21
DOI: https://doi.org/10.1007/978-3-030-98785-5_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-98784-8
Online ISBN: 978-3-030-98785-5
eBook Packages: Computer Science, Computer Science (R0)