A method to construct network traffic models for process control systems

It is well known that modern Critical Infrastructures (CIs) depend on Information and Communication Technologies (ICT). Supervisory Control and Data Acquisition (SCADA) systems built on off-the-shelf ICT hardware and software found their way into Process Control Systems (PCSs) due to their simplicity and cost-efficiency. However, recent incidents such as Stuxnet, Duqu or Night Dragon revealed new ICT vulnerabilities and attack scenarios in PCSs. Nevertheless, as shown by recent events, security studies on real SCADA systems are challenging due to the lack of proper experimentation environments. In this work we develop a method to generate realistic network traffic in laboratory conditions without the need for a real PCS installation. This is our main contribution, intended as the basis of future anomaly detection systems. Such a method could support experimentation through the recreation of realistic traffic in simulated environments. The accuracy and fidelity of the proposed approach were validated with several statistical methods that compare the predicted traffic with traffic taken from a real installation.