Using a Specification-based Intrusion Detection System to Extend the DNP3 Protocol with Security Functionalities

نویسندگان

  • Hui Lin
  • Adam Slagell
  • Zbigniew Kalbarczyk
  • Ravishankar K. Iyer
چکیده

Modern SCADA systems are increasingly adopting Internet technologies to control distributed industrial assets. As proprietary communication protocols are increasingly being used over public networks without efficient protection mechanisms, it is increasingly easier for attackers to penetrate into the communication networks of companies that operate electrical power grids, water plants, and other critical infrastructure systems. To provide protection against such attacks without changing legacy configurations, SCADA systems require an intrusion detection technique that can understand information carried by network traffic based on proprietary SCADA protocols. To achieve that goal, we adapted Bro, a specification-based intrusion detection system, for SCADA protocols in our previous work [13]. In that work, we built into Bro a new parser to support DNP3, a complex proprietary network protocol that is widely used in SCADA systems for electrical power grids [4]. The builtin parser provides clear visibility of network events related to SCADA systems. The semantics associated with the events provide us with a fine-grained operational context of the SCADA system, including types of operations and their parameters. Based on such information, we propose in this work two security policies to perform authentication and integrity checking on observed SCADA network traffic. To evaluate the proposed security policies, we simulated SCADA-specific attack scenarios in a test-bed, including real proprietary devices used in an electrical power grid. Experiments showed that the proposed intrusion detection system with the security policies can work efficiently in a large industry control environment that can include approximately 4000 devices.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A New Intrusion Detection System to deal with Black Hole Attacks in Mobile Ad Hoc Networks

By extending wireless networks and because of their different nature, some attacks appear in these networks which did not exist in wired networks. Security is a serious challenge for actual implementation in wireless networks. Due to lack of the fixed infrastructure and also because of security holes in routing protocols in mobile ad hoc networks, these networks are not protected against attack...

متن کامل

A Lightweight Intrusion Detection System Based on Specifications to Improve Security in Wireless Sensor Networks

Due to the prevalence of Wireless Sensor Networks (WSNs) in the many mission-critical applications such as military areas, security has been considered as one of the essential parameters in Quality of Service (QoS), and Intrusion Detection System (IDS) is considered as a fundamental requirement for security in these networks. This paper presents a lightweight Intrusion Detection System to prote...

متن کامل

Adapting Bro into SCADA: Building Specification-based Intrusion Detection System for DNP3 Protocol

Modern SCADA systems are increasingly adopting Internet technology to control industry processes. With their security vulnerabilities exposed to public networks, an attacker is able to penetrate into these control systems to put remote facilities in danger. To detect such attacks, SCADA systems require an intrusion detection technique that can monitor network traffic based on proprietary networ...

متن کامل

Detecting Denial of Service Message Flooding Attacks in SIP based Services

Increasing the popularity of SIP based services (VoIP, IPTV, IMS infrastructure) lead to concerns about its ‎security. The main signaling protocol of next generation networks and VoIP systems is Session Initiation Protocol ‎‎(SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components and also its implementation ‎deficiencies cause some security concerns in SIP based infra...

متن کامل

Proposing A Distributed Model For Intrusion Detection In Mobile Ad-Hoc Network Using Neural Fuzzy Interface

Security term in mobile ad hoc networks has several aspects because of the special specification of these networks. In this paper a distributed architecture was proposed in which each node performed intrusion detection based on its own and its neighbors’ data. Fuzzy-neural interface was used that is the composition of learning ability of neural network and fuzzy Ratiocination of fuzzy system as...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2012