APPARATUS AND METHOD FOR ANOMALY DETECTION IN SCADA NETWORK USING SELF-SIMILARITY

摘要

PURPOSE: An apparatus and a method for detecting symptom data of a SCADA(Supervisory Control And Data Acquisition) network are provided to solve a problem for detecting an evasion attack or new type attacks. CONSTITUTION: A storage unit(10) measures self-similarity from one or more attribution information which indicates a traffic state of a network in a normal state. The storage unit stores a set threshold value. A measuring unit(20) measures the self-similarity in real time from one or more attribution information in the network. A determination unit(30) compares the measured real-time self-similarity value with the set threshold value. The determination unit determines an abnormal state of the network. [Reference numerals] (10) Storage unit; (20) Measuring unit; (23) Network; (25) Event log; (30) Determination unit