Probability Risk Identification Based Intrusion Detection System for SCADA Systems
Abstract
As Supervisory Control and Data Acquisition (SCADA) systems control several critical infrastructures, they have connected to the internet. Consequently, SCADA systems face different sophisticated types of cyber adversaries. This paper suggests a Probability Risk Identification based Intrusion Detection System (PRI-IDS) technique based on analysing network traffic of Modbus TCP/IP for identifying replay attacks. It is acknowledged that Modbus TCP is usually vulnerable due to its unauthenticated and unencrypted nature. Our technique is evaluated using a simulation environment by configuring a testbed, which is a custom SCADA network that is cheap, accurate and scalable. The testbed is exploited when testing the IDS by sending individual packets from an attacker located on the same LAN as the Modbus master and slave. The experimental results demonstrated that the proposed technique can effectively and efficiently recognise replay attacks.
Similar resources
Anomaly-Based Intrusion Detection for SCADA Systems
Most critical infrastructure such as chemical processing plants, electrical generation and distribution networks, and gas distribution is monitored and controlled by Supervisory Control and Data Acquisition Systems (SCADA). These systems have been the focus of increased security and there are concerns that they could be the target of international terrorists. With the constantly growing number ...
Adapting Bro into SCADA: Building Specification-based Intrusion Detection System for DNP3 Protocol
Modern SCADA systems are increasingly adopting Internet technology to control industry processes. With their security vulnerabilities exposed to public networks, an attacker is able to penetrate into these control systems to put remote facilities in danger. To detect such attacks, SCADA systems require an intrusion detection technique that can monitor network traffic based on proprietary networ...
Using a Specification-based Intrusion Detection System to Extend the DNP3 Protocol with Security Functionalities
Modern SCADA systems are increasingly adopting Internet technologies to control distributed industrial assets. As proprietary communication protocols are increasingly being used over public networks without efficient protection mechanisms, it is increasingly easier for attackers to penetrate into the communication networks of companies that operate electrical power grids, water plants, and othe...
A real time OCSVM Intrusion Detection module with low overhead for SCADA systems
In this paper we present an intrusion detection module capable of detecting malicious network traffic in a SCADA (Supervisory Control and Data Acquisition) system. Malicious data in a SCADA system disrupt its correct functioning and tamper with its normal operation. OCSVM (One-Class Support Vector Machine) is an intrusion detection mechanism that does not need any labeled data for training or an...
SCADA-specific Intrusion Detection/Prevention Systems: A Survey and Taxonomy
Due to standardization and connectivity to the Internet, Supervisory Control and Data Acquisition (SCADA) systems now face the threat of cyber attacks. SCADA systems were designed without cyber security in mind and hence the problem of how to modify conventional Information Technology (IT) intrusion detection techniques to suit the needs of SCADA is a big challenge. We explain the nuance associ...
Journal title:
- CoRR
Volume abs/1711.02826 Issue
Pages -
Publication date 2017