Abstract
As Supervisory Control and Data Acquisition (SCADA) systems control several critical infrastructures, they have increasingly been connected to the internet. Consequently, SCADA systems face a range of sophisticated cyber adversaries. This paper proposes a Probability Risk Identification based Intrusion Detection System (PRI-IDS) technique that analyses Modbus TCP/IP network traffic to identify replay attacks. Modbus TCP is widely acknowledged to be vulnerable because it is neither authenticated nor encrypted, so a request captured on the wire can be re-sent verbatim and will be accepted by the slave. Our technique is evaluated in a simulation environment on a custom-built SCADA testbed that is cheap, accurate and scalable. The IDS is tested on this testbed by sending individual packets from an attacker located on the same LAN as the Modbus master and slave. The experimental results demonstrate that the proposed technique can effectively and efficiently recognise replay attacks.
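To make the replay scenario in the abstract concrete, the following is an added example (not code from the paper, and not the authors' PRI-IDS, which is a probabilistic method): a minimal parser for the standard Modbus TCP MBAP header (transaction id, protocol id, length, unit id) followed by the PDU, and a simple deterministic replay heuristic that flags a request whose (transaction id, unit id, PDU) tuple was seen recently or whose transaction id runs backwards. The traffic in `run_demo()` is constructed inline for the example, and the class and function names are the example's own.

```python
import struct
from collections import deque

# Modbus TCP MBAP header (big-endian): transaction id (2 bytes), protocol id (2),
# length (2, counts unit id + PDU), unit id (1). The PDU (function code + data) follows.
MBAP = struct.Struct(">HHHB")


def parse_frame(frame: bytes) -> dict:
    """Parse one Modbus TCP ADU into its MBAP fields and PDU, rejecting malformed frames."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, pid, length, uid = MBAP.unpack_from(frame, 0)
    if pid != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    # The length field covers everything after the first 6 header bytes.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    pdu = frame[MBAP.size:]
    return {"tid": tid, "uid": uid, "fc": pdu[0], "pdu": pdu}


def build_frame(tid: int, uid: int, fc: int, data: bytes) -> bytes:
    """Build a Modbus TCP request ADU from its parts (used here to construct sample traffic)."""
    pdu = bytes([fc]) + data
    return MBAP.pack(tid, 0, len(pdu) + 1, uid) + pdu


class ReplayDetector:
    """Toy replay heuristic (hypothetical, not the paper's technique).

    A master normally increments the transaction id for each new request, so a frame
    that exactly repeats a recent (tid, unit, PDU) tuple, or whose tid goes backwards,
    is what a verbatim replay from an on-LAN attacker looks like.
    """

    def __init__(self, window: int = 64):
        self.recent = deque(maxlen=window)  # recently seen (tid, uid, pdu) tuples
        self.last_tid = None

    def check(self, frame: bytes) -> list:
        f = parse_frame(frame)
        key = (f["tid"], f["uid"], f["pdu"])
        alerts = []
        if key in self.recent:
            alerts.append("duplicate-frame")
        if self.last_tid is not None:
            # Transaction ids wrap at 16 bits; treat a large backwards jump as regression.
            delta = (f["tid"] - self.last_tid) % 0x10000
            if delta == 0 or delta > 0x7FFF:
                alerts.append("tid-regression")
        if "tid-regression" not in alerts:
            self.last_tid = f["tid"]
        self.recent.append(key)
        return alerts


def run_demo() -> list:
    """Constructed traffic (not captured data): three legitimate Write Single Coil (0x05)
    requests, then a verbatim replay of the second one, then a fresh request."""
    det = ReplayDetector()
    legit = [build_frame(t, 1, 0x05, b"\x00\x10\xff\x00") for t in (1, 2, 3)]
    replayed = legit[1]  # attacker re-sends the captured frame unchanged
    stream = legit + [replayed, build_frame(4, 1, 0x05, b"\x00\x10\x00\x00")]
    return [det.check(f) for f in stream]


if __name__ == "__main__":
    for i, alerts in enumerate(run_demo(), 1):
        print(f"frame {i}: {alerts or 'ok'}")
```

The fourth frame trips both checks; the fifth, with a fresh transaction id and a different coil value, passes. A real master may legitimately re-poll the same registers with an identical PDU, which is why the heuristic keys on the transaction id as well as the PDU; it would still miss an attacker who rewrites the transaction id before replaying, which is the gap a statistical approach such as the paper's is meant to close.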
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Marsden, T., Moustafa, N., Sitnikova, E., Creech, G. (2018). Probability Risk Identification Based Intrusion Detection System for SCADA Systems. In: Hu, J., Khalil, I., Tari, Z., Wen, S. (eds) Mobile Networks and Management. MONAMI 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 235. Springer, Cham. https://doi.org/10.1007/978-3-319-90775-8_28
DOI: https://doi.org/10.1007/978-3-319-90775-8_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-90774-1
Online ISBN: 978-3-319-90775-8
eBook Packages: Computer Science (R0)