Detecting Abnormal Behavior in SCADA Networks Using Normal Traffic Pattern Learning

Kim, Byoungkoo; Kang, Dong-Ho; Na, Jung-Chan; Chung, Tai-Myoung

doi:10.1007/978-3-662-45402-2_18

Cited by 7 publications

(6 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most research on the use of features generated from network traffic to detect anomalies focuses on specific protocols such as MODBUS/TCP or Profinet. The papers [12,16,34] utilise network traffic to establish a pattern of conventional MODBUS/TCP communications. [12] implement a deterministic finite automaton (DFA) for each communication between a human-machine interface and different programmable logic controllers (PLCs).…”

Section: Related Workmentioning

confidence: 99%

Network intrusion detection system for DDoS attacks in ICS using deep autoencoders

et al. 2023

View full text Add to dashboard Cite

Anomaly detection in industrial control and cyber-physical systems has gained much attention over the past years due to the increasing modernisation and exposure of industrial environments. Current dangers to the connected industry include the theft of industrial intellectual property, denial of service, or the compromise of cloud components; all of which might result in a cyber-attack across the operational network. However, most scientific work employs device logs, which necessitate substantial understanding and preprocessing before they can be used in anomaly detection. In this paper, we propose a network intrusion detection system (NIDS) architecture based on a deep autoencoder trained on network flow data, which has the advantage of not requiring prior knowledge of the network topology or its underlying architecture. Experimental results show that the proposed model can detect anomalies, caused by distributed denial of service attacks, providing a high detection rate and low false alarms, outperforming the state-of-the-art and a baseline model in an unsupervised learning environment. Furthermore, the deep autoencoder model can detect abnormal behaviour in legitimate devices after an attack. We also demonstrate the suitability of the proposed NIDS in a real industrial plant from the alimentary sector, analysing the false positive rate and the viability of the data generation, filtering and preprocessing procedure for a near real time scenario. The suggested NIDS architecture is a low-cost solution that uses only fifteen network-based features, requires minimal processing, operates in unsupervised mode, and is straightforward to deploy in real-world scenarios.

show abstract

Section: Related Workmentioning

confidence: 99%

Network intrusion detection system for DDoS attacks in ICS using deep autoencoders

et al. 2023

View full text Add to dashboard Cite

show abstract

“…The normal profile can be constructed using many categories of data sources. The work in [8,[16][17][18] used network traffic within ICS as a data source to model the normal communication. The Hidden Markov model (HMM) [16] was used to model packets delivered between devices for intrusion detection.…”

Section: Related Workmentioning

confidence: 99%

“…The Hidden Markov model (HMM) [16] was used to model packets delivered between devices for intrusion detection. In addition, [17] proposed a method that learns the Modbus/TCP traffic transactions using the request message only. The authors of [18] employed a dynamic Bayesian network structure to characterize normal command and data sequences at a network level and achieved a low false positive rate.…”

Section: Related Workmentioning

confidence: 99%

Anomaly Detection for Industrial Control System Based on Autoencoder Neural Network

Wang

Liu

et al. 2020

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

As the Industrial Internet of Things (IIoT) develops rapidly, cloud computing and fog computing become effective measures to solve some problems, e.g., limited computing resources and increased network latency. The Industrial Control Systems (ICS) play a key factor within the development of IIoT, whose security affects the whole IIoT. ICS involves many aspects, like water supply systems and electric utilities, which are closely related to people’s lives. ICS is connected to the Internet and exposed in the cyberspace instead of isolating with the outside recent years. The risk of being attacked increases as a result. In order to protect these assets, intrusion detection systems (IDS) have drawn much attention. As one kind of intrusion detection, anomaly detection provides the ability to detect unknown attacks compared with signature-based techniques, which are another kind of IDS. In this paper, an anomaly detection method with a composite autoencoder model learning the normal pattern is proposed. Unlike the common autoencoder neural network that predicts or reconstructs data separately, our model makes prediction and reconstruction on input data at the same time, which overcomes the shortcoming of using each one alone. With the error obtained by the model, a change ratio is put forward to locate the most suspicious devices that may be under attack. In the last part, we verify the performance of our method by conducting experiments on the SWaT dataset. The results show that the proposed method exhibits improved performance with 88.5% recall and 87.0% F1-score.

show abstract

“…Journal of Manufacturing Systems 47 (2018) [93][94][95][96][97][98][99][100][101][102][103][104][105][106] example, the data held in data historians' and engineers' workstations could be altered, or the network data packets could be changed causing, significant damage to the operation of the plant.…”

Section: N Tuptuk S Hailesmentioning

confidence: 99%

Security of smart manufacturing systems

Tuptuk

Hailes

2018

Journal of Manufacturing Systems

309

128

View full text Add to dashboard Cite

A B S T R A C TA revolution in manufacturing systems is underway: substantial recent investment has been directed towards the development of smart manufacturing systems that are able to respond in real time to changes in customer demands, as well as the conditions in the supply chain and in the factory itself. Smart manufacturing is a key component of the broader thrust towards Industry 4.0, and relies on the creation of a bridge between digital and physical environments through Internet of Things (IoT) technologies, coupled with enhancements to those digital environments through greater use of cloud systems, data analytics and machine learning. Whilst these individual technologies have been in development for some time, their integration with industrial systems leads to new challenges as well as potential benefits. In this paper, we explore the challenges faced by those wishing to secure smart manufacturing systems. Lessons from history suggest that where an attempt has been made to retrofit security on systems for which the primary driver was the development of functionality, there are inevitable and costly breaches. Indeed, today's manufacturing systems have started to experience this over the past few years; however, the integration of complex smart manufacturing technologies massively increases the scope for attack from adversaries aiming at industrial espionage and sabotage. The potential outcome of these attacks ranges from economic damage and lost production, through injury and loss of life, to catastrophic nation-wide effects. In this paper, we discuss the security of existing industrial and manufacturing systems, existing vulnerabilities, potential future cyber-attacks, the weaknesses of existing measures, the levels of awareness and preparedness for future security challenges, and why security must play a key role underpinning the development of future smart manufacturing systems.

show abstract

Detecting Abnormal Behavior in SCADA Networks Using Normal Traffic Pattern Learning

Cited by 7 publications

References 4 publications

Network intrusion detection system for DDoS attacks in ICS using deep autoencoders

Network intrusion detection system for DDoS attacks in ICS using deep autoencoders

Anomaly Detection for Industrial Control System Based on Autoencoder Neural Network

Security of smart manufacturing systems

Contact Info

Product

Resources

About