Indian Science Technology and Engineering facilities Map
 

  Digital Catalogue for Technology and Products Development


   Technology and Product Development

    Basic Information

Technology developed: COPS SCADA Protocol Anomaly Detector (TP19764451865)
Category: Nil
Details of Inventor(s):
Inventor | Institution/Organization/Company | Department | Designation
B.S.Bindhumadhava | C-DAC, Bengaluru | RTS&IoT | Senior Director
R.K.Senthil Kumar | C-DAC, Bengaluru | RTS&IoT | Associate Director
Rajesh Kalluri | C-DAC, Bengaluru | RTS&IoT | Joint Director
Technical Application Area: Security
If 'Other', please specify:
Critical Infrastructure Security
Please give more details of new technical application area:
C-DAC COPS SPADE (SCADA Protocol Anomaly Detector) is a passive security monitoring solution targeting the security of remote terminal units (RTUs). SPADE actively detects anomalous communication between the RTU and the master, using an analytics engine based on deep packet inspection (DPI) and deep content inspection (DCI). The analytics engine is based on white-listed rules and is modeled specifically for IEC-60870-5-104 based SCADA systems. Along with the white-listed rule sets, the solution correlates field data (sensor and actuator values) with network data. SPADE can detect known and unknown zero-day attacks on SCADA systems effectively.
Organization(s):
Centre for Development of Advanced Computing (CDAC)
Affiliated Ministry: MeitY, Govt. of India
Type of technology development: Indigenous
Does the technology help in replacing any import items currently procured from outside India?
Does the technology have export potential? 1
Category of Technology developed: Immediate Deployment
Stage of Development: Commercialized
Please describe in detail including the TRL Level:
1. SPADE works in two phases: a learning phase and an operational phase.
2. The learning phase prepares white-list tables based on metadata and uniform data classification.
3. In the operational phase, SPADE sniffs real-time data and applies DPI/DCI methodologies with the support of protocol-based rule sets and pattern-based state machines, and provides these results to the analytics engine.
4. The analytics engine works on behavior profiling, decision trees and model-based anomaly detection, and generates alarms, events and incidents based on risk level.
5. It takes a separate feed of raw sensor values, without affecting RTU operations, to detect anomalies.
6. SCADA Vision is a geo-location-based real-time dashboard with incident tracking and support for risk-prioritized alarms, events and incidents.

    Abstract:

Applications:
1. Critical infrastructure sectors (power grid, oil, gas) where IEC 870-5-101 and IEC 870-5-104 protocols are in use
2. RTU vendors, system integrators
3. Smart grid and micro grid
Advantages:
1. Plug-in solution that does not affect the architecture of the existing system
2. Does not interfere with the operation of the existing system
3. Attached in parallel to RTUs in the same network
4. Can capture zero-day attack scenarios
5. Single dashboard (SCADA Vision) at the control centre to monitor the status of all RTUs
6. Operates in promiscuous mode
7. Failure of this solution does not affect real-time operations
8. Can be deployed whether RTUs are modern, legacy or proprietary
9. Monitors all communication between RTU and master, and detects and reports any abnormalities and attacks at the RTU
10. SMU analyzes exchanged messages and commands initiated from the master to perform integrity checks and detect any suspicious events
11. Detects attacks on the RTU such as DoS, malfunctioning of RTU/master, brute-force attacks and zero-day attacks

    Technology Inputs:

Imported Equipment/Spare Parts:
Equipment/Spare Parts Year ITC-HS Code
NA
Indigenous Equipment/Spare Parts:
Equipment/Spare Parts Year ITC-HS Code
NA
Imported Raw Materials:
Raw Materials Year ITC-HS Code
NA
Indigenous Raw Materials:
Raw Materials Year ITC-HS Code
NA
Existing R&D Facilities used:
Facilities Year ITC-HS Code
NA

   Patents & Publications:

Patents:
Filed Patents (No.) Granted Patents (No.) Year
0 0 NA
Publications:
Submitted (No.) Published (No.) Year
0 0 NA

    Commercialization Potential:

Who are the Potential Licensees?
What commercially available products address the same problem?
Company Product Problem Addressed
Would you like to develop this invention further with corporate research support?
Yes
Would you be interested in participating in cluster based programs for commercialization research or business planning for your invention?
Yes
      Submitted by: Savitha Gowda Date of Submission: 6-8-2020


