Title of invention: SCADA INTRUSION DETECTION SYSTEMS
Abstract: According to one aspect, a SCADA system is provided. The SCADA system includes a network interface configured to communicate data with a plurality of industrial control devices via an industrial control system (ICS) network. The SCADA system further includes a memory storing SCADA configuration information including ICS network configuration information and device information descriptive of each industrial control device of the plurality of industrial control devices and at least one processor in data communication with the memory and the network interface. The SCADA system also includes an intrusion detection component executable by the at least one processor and configured to read the SCADA configuration information, generate, from the SCADA configuration information, authorized communication information descriptive of one or more expected communication types of communications authorized for transmission via the ICS network.
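Application publication number: US2016094578(A1)   Application publication date: 2016.03.31
Application number: US201414501672   Filing date: 2014.09.30
Applicant: SCHNEIDER ELECTRIC USA, INC.   Inventors: McQuillan Jayme Lee; Lloyd Chad Andrew
Classification number: H04L29/06   Main classification number: H04L29/06
Agency:   Agent: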
Principal claim: 1. A supervisory control and data acquisition (SCADA) system comprising: a network interface configured to communicate data with a plurality of industrial control devices via an industrial control system (ICS) network; memory storing SCADA configuration information including ICS network configuration information and device information descriptive of each industrial control device of the plurality of industrial control devices; at least one processor in data communication with the memory and the network interface; and an intrusion detection component executable by the at least one processor and configured to: read the SCADA configuration information; generate, from the SCADA configuration information, authorized communication information descriptive of one or more expected communication types of communications authorized for transmission via the ICS network, each expected communication type of the one or more expected communication types being based on SCADA configuration information descriptive of an industrial control device of the plurality of industrial control devices; monitor the ICS network for communications; identify, with reference to the authorized communication information, an unauthorized communication transmitted via the ICS network, the unauthorized communication having an unauthorized communication type different from any communication type of the one or more expected communication types, the unauthorized communication type being based on new device information descriptive of a device; and execute at least one action to address the at least one communication.
Address: Palatine IL US
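
The sequence in the claim (read the SCADA configuration, derive the authorized communication types from it, monitor, flag anything else) sketched as an added Python example; it is not code from the patent or from the applicant. The configuration schema, addresses, ports and flow tuples are constructed assumptions, and the "action" is reduced to returning an alert record.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    src: str        # connection initiator
    dst: str
    dport: int
    transport: str

# Constructed SCADA configuration (hypothetical schema, not from the patent).
SCADA_CONFIG = {
    "master": "10.0.0.1",
    "devices": [
        {"name": "plc-1", "ip": "10.0.0.11", "transport": "tcp", "port": 502},    # Modbus/TCP
        {"name": "rtu-7", "ip": "10.0.0.27", "transport": "tcp", "port": 20000},  # DNP3
    ],
}

def build_authorized(config):
    """Derive one expected communication type per configured device."""
    return {Flow(config["master"], d["ip"], d["port"], d["transport"])
            for d in config["devices"]}

def classify(flow, authorized, config):
    """Return None for an expected flow, otherwise the reason it is flagged."""
    if flow in authorized:
        return None
    known = {config["master"]} | {d["ip"] for d in config["devices"]}
    unknown = [ip for ip in (flow.src, flow.dst) if ip not in known]
    if unknown:
        # Endpoint absent from the configuration: new device information.
        return "unconfigured device " + ", ".join(unknown)
    return "configured endpoints, unexpected communication type"

def monitor(flows, config):
    """Check observed flows against the derived allowlist and collect alerts."""
    authorized = build_authorized(config)
    alerts = []
    for flow in flows:
        reason = classify(flow, authorized, config)
        if reason:
            alerts.append((flow, reason))  # the action here is only an alert record
    return alerts

# Constructed observations standing in for traffic seen on the ICS network.
OBSERVED = [
    Flow("10.0.0.1", "10.0.0.11", 502, "tcp"),   # master polling plc-1: expected
    Flow("10.0.0.1", "10.0.0.27", 502, "tcp"),   # Modbus port on the DNP3 device
    Flow("10.0.0.99", "10.0.0.11", 502, "tcp"),  # source not in the configuration
]
```

Because the allowlist is regenerated from the configuration, a device added to `SCADA_CONFIG` becomes authorized without a separate rule change, while any endpoint missing from it is reported by address.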