
Probability Risk Identification Based Intrusion Detection System for SCADA Systems

  • Conference paper
  • Mobile Networks and Management (MONAMI 2017)

Abstract

As Supervisory Control and Data Acquisition (SCADA) systems control several critical infrastructures, they have been connected to the internet. Consequently, SCADA systems face different sophisticated types of cyber adversaries. This paper suggests a Probability Risk Identification based Intrusion Detection System (PRI-IDS) technique based on analysing Modbus TCP/IP network traffic to identify replay attacks. It is acknowledged that Modbus TCP is usually vulnerable because it is unauthenticated and unencrypted. Our technique is evaluated in a simulation environment by configuring a testbed, a custom SCADA network that is cheap, accurate and scalable. The testbed is used to test the IDS by sending individual packets from an attacker located on the same LAN as the Modbus master and slave. The experimental results demonstrate that the proposed technique can effectively and efficiently recognise replay attacks.
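The abstract describes detecting replay attacks by analysing Modbus TCP traffic. The example below is an added illustration written for this page, not the paper's PRI-IDS algorithm nor code from the authors: it parses the Modbus TCP application payload (the 7-byte MBAP header followed by the PDU) and applies two simple defender-side checks to master-to-slave requests, flagging an exact repeat of a recently seen request frame and a transaction identifier that steps backwards. The sample frames, the master address and the window size are constructed assumptions.

```python
import struct
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class ModbusFrame:
    """Fields of a Modbus TCP frame (protocol id omitted; it is always 0)."""
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def parse_modbus_tcp(payload: bytes) -> ModbusFrame:
    """Parse a Modbus TCP application payload: MBAP header (7 bytes) + PDU."""
    if len(payload) < 8:
        raise ValueError("payload too short for MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", payload[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}; Modbus uses 0")
    # The MBAP length field counts the unit id and the PDU, i.e. every byte
    # after the first six, so it must equal len(payload) - 6.
    if length != len(payload) - 6:
        raise ValueError("MBAP length field does not match payload size")
    return ModbusFrame(tid, uid, payload[7], bytes(payload[8:]))


def build_modbus_tcp(tid: int, uid: int, fc: int, data: bytes) -> bytes:
    """Build a Modbus TCP payload. Used here only to construct sample traffic."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, uid) + pdu


class ReplayDetector:
    """Per-master replay heuristics over request frames (master -> slave, dst port 502).

    Feed it requests only: responses legitimately echo the request's transaction id,
    so mixing directions would produce false duplicates.
    """

    def __init__(self, window: int = 256):
        self.window = window          # assumption: how many recent frames to remember
        self.recent = {}              # master -> deque of recent raw request frames
        self.last_tid = {}            # master -> last transaction id seen

    def observe(self, master: str, payload: bytes) -> list:
        frame = parse_modbus_tcp(payload)
        alerts = []
        recent = self.recent.setdefault(master, deque(maxlen=self.window))

        # Check 1: byte-identical repeat of a recent request (including its transaction id).
        if payload in recent:
            alerts.append(
                f"duplicate request from {master}: tid={frame.transaction_id} "
                f"fc={frame.function_code}"
            )

        # Check 2: masters normally increment the transaction id per request; a step
        # backwards (after allowing for 16-bit wrap-around) is suspicious.
        prev = self.last_tid.get(master)
        if prev is not None:
            delta = (frame.transaction_id - prev) % 65536
            if delta == 0 or delta > 32768:
                alerts.append(
                    f"transaction id went backwards from {master}: {prev} -> {frame.transaction_id}"
                )

        self.last_tid[master] = frame.transaction_id
        recent.append(payload)
        return alerts


def run_demo() -> list:
    """Replay a constructed request sequence; returns the alert count per frame."""
    master = "10.0.0.5"  # constructed master address
    read_regs = build_modbus_tcp(1, 1, 3, b"\x00\x00\x00\x0a")   # read 10 holding registers
    write_reg = build_modbus_tcp(2, 1, 6, b"\x00\x05\x00\x01")   # write single register
    read_again = build_modbus_tcp(3, 1, 3, b"\x00\x00\x00\x0a")
    detector = ReplayDetector()
    counts = []
    for frame in (read_regs, write_reg, read_again, write_reg):  # last one is the replay
        counts.append(len(detector.observe(master, frame)))
    return counts  # → [0, 0, 0, 2]


if __name__ == "__main__":
    print(run_demo())
```

The replayed write request trips both checks because it repeats a frame already in the window and reuses a consumed transaction id. Some masters restart their transaction counter at 0 after a reconnect, so the second check should be reset per TCP connection in a real deployment to avoid false positives.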



Corresponding author

Correspondence to Elena Sitnikova .


Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering


Cite this paper

Marsden, T., Moustafa, N., Sitnikova, E., Creech, G. (2018). Probability Risk Identification Based Intrusion Detection System for SCADA Systems. In: Hu, J., Khalil, I., Tari, Z., Wen, S. (eds) Mobile Networks and Management. MONAMI 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 235. Springer, Cham. https://doi.org/10.1007/978-3-319-90775-8_28


  • DOI: https://doi.org/10.1007/978-3-319-90775-8_28

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-90774-1

  • Online ISBN: 978-3-319-90775-8
