ABSTRACT
Contents

13.1 Introduction 334
13.2 Architectural Framework for SCADA Systems Security 335
13.3 Real-Time Detection and Diagnosis of Cyber Attacks 336
    13.3.1 Probes 338
    13.3.2 Network-Level Detection System 339
    13.3.3 Decision Engine 341
13.4 Keeping the Human in the Loop: The Decision Aid Tool 341
    13.4.1 Knowledge Representation 344
13.5 How Real-Time and Off-Line Tools Can Cooperate to Enhance Cybersecurity 344
13.6 Use Case: Detection, Diagnosis, and Remediation in the Wireless Zones of a SCADA Network 347
    13.6.1 Sinkhole Attack 349
    13.6.2 Sleep Deprivation Attack 350
    13.6.3 Use of DiReS to Protect a WSN from Attacks Exploiting Routing Protocol Vulnerabilities 350
    13.6.4 Remediation Mechanisms 351
    13.6.5 Implementation of Recovery Actions 352
    13.6.6 Simulation-Based Performance Tests 352
13.7 Conclusions 353
References 353