A Linux-based firewall for the DNP3 protocol

Nivethan, Jeyasingam; Papa, Mauricio

doi:10.1109/ths.2016.7568963

Cited by 13 publications

(12 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Nivethan and Papa [126] presented an extension of Linuxbased firewalls for securing DNP3-based infrastructures. The proposed scheme uses the iptables tool [127] in order to inspect the payload of a DNP3 message and identify suspicious DNP3 commands.…”

Section: Dnpmentioning

confidence: 99%

A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics

Pliatsios

Sarigiannidis

Λάγκας

et al. 2020

IEEE Commun. Surv. Tutorials

186

View full text Add to dashboard Cite

Supervisory Control and Data Acquisition (SCADA) systems are the underlying monitoring and control components of critical infrastructures, such as power, telecommunication, transportation, pipelines, chemicals and manufacturing plants. Legacy SCADA systems operated on isolated networks, that made them less exposed to Internet threats. However, the increasing connection of SCADA systems to the Internet, as well as corporate networks, introduces severe security issues. Security considerations for SCADA systems are gaining higher attention, as the number of security incidents against these critical infrastructures is increasing. In this survey, we provide an overview of the general SCADA architecture, along with a detailed description of the SCADA communication protocols. Additionally, we discuss certain high-impact security incidents, objectives, and threats. Furthermore, we carry out an extensive review of the security proposals and tactics that aim to secure SCADA systems. We also discuss the state of SCADA system security. Finally, we present the current research trends and future advancements of SCADA security.

show abstract

Section: Dnpmentioning

confidence: 99%

A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics

Pliatsios

Sarigiannidis

Λάγκας

et al. 2020

IEEE Commun. Surv. Tutorials

186

View full text Add to dashboard Cite

show abstract

“…The related studies were organized based on the header field feature and the payload field feature. Anomaly detection methods based on static-rule-based [14][15][16][17][18] and modeling-based [19][20][21][22][23][24] learning of header field features have been proposed in various studies. The staticrule-based studies are similar to firewall rule generation studies in the IT network environment.…”

Section: Related Workmentioning

confidence: 99%

“…Yun [16] proposed a whitelist generation method for traffic patterns based on the header information of a packet using each command. Nivethan [17] and Li [18] focused on detailed protocol fields for firewall rule generation. Studies regarding modeling-and statistics-based anomaly detection often involve command codes, address values, or transaction identification (ID) of CPIS header fields.…”

Section: Related Workmentioning

confidence: 99%

Unknown Payload Anomaly Detection Based on Format and Field Semantics Inference in Cyber-Physical Infrastructure Systems

Kim

et al. 2021

IEEE Access

View full text Add to dashboard Cite

A cyber-physical infrastructure system (CPIS) is a system that controls and manages critical infrastructure such as smart manufacturing, water treatment facilities, power generation, and distribution facilities. Although these CPISs focus on the security of air-gapped network environments, strict isolation from the outside network is difficult to achieve, leading to various attacks. CPISs also comprise various devices and proprietary communication protocols that are used exclusively for each domain and site. Therefore, experts have to adopt a customized strategy to enhance security in CPIS networks after analyzing each domain, device, and protocol in advance. These methods require a significant amount of time, cost, and manpower; consequently, they are difficult to apply existing security methods in the real field. As a solution, a method is proposed herein that includes the following: 1) inferencing the CPIS protocol format and field semantics based on the characteristics of CPIS networks and protocols; 2) multilevel anomaly detection based on the meaning and values of each inferred field. The proposed method does not require knowledge of each site and protocol. In addition, the inference method can be used to analyze the payload field, including the state and measurement value, as well as the header field. Finally, we validate the proposed technique using an open-source CPIS network dataset including response injection, command injection, denial-of-service, and reconnaissance attacks. In addition, in the aspect of detection efficiency, the proposed technique exhibits comparable performance to that of existing knowledge-based anomaly detection methods.

show abstract

“…A number of industrial control systems still use the DNP3 protocol but do not support security functions. To detect attacks targeting the DNP3 protocol, many studies [1]- [5] have been conducted.…”

Section: Dnp3 Protocol and Its Securitymentioning

confidence: 99%

“…H. Lin et al [3] conducted a study to detect attacks based on the specification information of the DNP3 protocol, and Yun et al [4] conducted anomaly detection using burst-based communication patterns. J. Nivethan et al [5] described a Linux-based firewall for the DNP3 protocol, and A. Shahsavari et al [6] and H. Xu et al [7] conducted data payload analyses of smart grids. Unfortunately, all of these techniques focus on detecting attacks against data payloads and do not examine packet reassembly failures.…”

Section: Introductionmentioning

confidence: 99%

Recovery Measure against Disabling Reassembly Attack to DNP3 Communication

Kwon

Yoo

Shon

2017

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYIn the past, the security of industrial control systems was guaranteed by their obscurity. However, as devices of industrial control systems became more varied and interaction between these devices became necessary, effective management systems for such networks emerged. This triggered the need for cyber-physical systems that connect industrial control system networks and external system networks. The standards for the protocols in industrial control systems explain security functions in detail, but many devices still use nonsecure communication because it is difficult to update existing equipment. Given this situation, a number of studies are being conducted to detect attacks against industrial control system protocols, but these studies consider only data payloads without considering the case that industrial control systems' availability is infringed owing to packet reassembly failures. Therefore, with regard to the DNP3 protocol, which is used widely in industrial control systems, this paper describes attacks that can result in packet reassembly failures, proposes a countermeasure, and tests the proposed countermeasure by conducting actual attacks and recoveries. The detection of a data payload should be conducted after ensuring the availability of an industrial control system by using this type of countermeasure.

show abstract

A Linux-based firewall for the DNP3 protocol

Cited by 13 publications

References 2 publications

A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics

A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics

Unknown Payload Anomaly Detection Based on Format and Field Semantics Inference in Cyber-Physical Infrastructure Systems

Recovery Measure against Disabling Reassembly Attack to DNP3 Communication

Contact Info

Product

Resources

About