Framework for SCADA cyber-attack dataset creation

Rodofile, Nicholas R.; Radke, Kenneth; Foo, Ernest

doi:10.1145/3014812.3014883

Cited by 17 publications

(10 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On the other side, regarding the validation of MENSA for anomaly classification, the Modbus/TCP cyberattacks of Table I were emulated in a safe manner, utilising Smod [47]. Regarding the DNP3 cyberattacks, the intrusion detection dataset of Rodofile et al [48] was combined with normal DNP3 network flows of the substation environment. Thus, datasets consisting of normal and malicious Modbus/TCP and DNP3 network flows were generated.…”

Section: B Datasets and Comparative Methodsmentioning

confidence: 99%

A Unified Deep Learning Anomaly Detection and Classification Approach for Smart Grid Environments

Siniosoglou

Radoglou-Grammatikis

Efstathopoulos³

et al. 2021

IEEE Trans. Netw. Serv. Manage.

106

View full text Add to dashboard Cite

The interconnected and heterogeneous nature of the next-generation Electrical Grid (EG), widely known as Smart Grid (SG), bring severe cybersecurity and privacy risks that can also raise domino effects against other Critical Infrastructures (CIs). In this paper, we present an Intrusion Detection System (IDS) specially designed for the SG environments that use Modbus/Transmission Control Protocol (TCP) and Distributed Network Protocol 3 (DNP3) protocols. The proposed IDS called MENSA (anoMaly dEtection aNd claSsificAtion) adopts a novel Autoencoder-Generative Adversarial Network (GAN) architecture for (a) detecting operational anomalies and (b) classifying Modbus/TCP and DNP3 cyberattacks. In particular, MENSA combines the aforementioned Deep Neural Networks (DNNs) in a common architecture, taking into account the adversarial loss and the reconstruction difference. The proposed IDS is validated in four real SG evaluation environments, namely (a) SG lab, (b) substation, (c) hydropower plant and (d) power plant, solving successfully an outlier detection (i.e., anomaly detection) problem as well as a challenging multiclass classification problem consisting of 14 classes (13 Modbus/TCP cyberattacks and normal instances). Furthermore, MENSA can discriminate five cyberattacks against DNP3. The evaluation results demonstrate the efficiency of MENSA compared to other Machine Learning (ML) and Deep Learning (DL) methods in terms of Accuracy, False Positive Rate (FPR), True Positive Rate (TPR) and the F1 score.

show abstract

Section: B Datasets and Comparative Methodsmentioning

confidence: 99%

A Unified Deep Learning Anomaly Detection and Classification Approach for Smart Grid Environments

Siniosoglou

Radoglou-Grammatikis

Efstathopoulos³

et al. 2021

IEEE Trans. Netw. Serv. Manage.

106

View full text Add to dashboard Cite

show abstract

“…The DNP3 Network Flow-Based Anomaly Detection Model uses the ABOD method [44,45], thus identifying anomalous DNP3 network flows. Both models were trained, utilising normal DNP3 network flow statistics coming from a real substation environment as well as from the DNP3 intrusion detection dataset of N.Rodofile et al [46]. The evaluation analysis of these DNP3 intrusion/anomaly detection models is presented in our previous work in [41].…”

Section: Dnp3 Intrusionmentioning

confidence: 99%

SPEAR SIEM: A Security Information and Event Management system for the Smart Grid

et al. 2021

View full text Add to dashboard Cite

The technological leap of smart technologies has brought the conventional electrical grid in a new digital era called Smart Grid (SG), providing multiple benefits, such as two-way communication, pervasive control and self-healing. However, this new reality generates significant cybersecurity risks due to the heterogeneous and insecure nature of SG. In particular, SG relies on legacy communication protocols that have not been implemented having cybersecurity in mind. Moreover, the advent of the Internet of Things (IoT) creates severe cybersecurity challenges. The Security Information and Event Management (SIEM) systems constitute an emerging technology in the cybersecurity area, having the capability to detect, normalise and correlate a vast amount of security events. They can orchestrate the entire security of a smart ecosystem, such as SG. Nevertheless, the current SIEM systems do not take into account the unique SG peculiarities and characteristics like the legacy communication protocols. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) SIEM, which focuses on SG. The main contribution of our work is the design and implementation of a SIEM system capable of detecting, normalising and correlating cyberattacks and anomalies against a plethora of SG application-layer protocols. It is noteworthy that the detection performance of the SPEAR SIEM is demonstrated with real data originating from four real SG use case (a) hydropower plant, (b) substation, (c) power plant and (d) smart home.

show abstract

“…The researchers use the attack scenario with MiTM attacker that targets the IEC 104 protocol by changing the cause of transmission (COT) value to an invalid value. The work focuses on the MiTM type of attack for changing the (COT) value, however many other attack types are carried out by other research works, such as in [9] which uses DoS Attack on IEC 104 protocol, and in [18] which uses injection and dropping attack on DNP3 protocol, researchers in [21] conduct experiments on reconnaissance, injection, masquerading, replay, and flooding attack on DNP3 protocol. In this case, the dataset used by [11] is not suitable for the use in other attack scenarios.…”

Section: Dataset Issuementioning

confidence: 99%

The trends of supervisory control and data acquisition security challenges in heterogeneous networks

Arifin

Susanto²,

Stiawan

et al. 2021

IJEECS

View full text Add to dashboard Cite

<p>Supervisory control and data acquisition (SCADA) has an important role in communication between devices in strategic industries such as power plant grid/network. Besides, the SCADA system is now open to any external heterogeneous networks to facilitate monitoring of industrial equipment, but this causes a new vulnerability in the SCADA network system. Any disruption on the SCADA system will give rise to a dangerous impact on industrial devices. Therefore, deep research and development of reliable intrusion detection system (IDS) for SCADA system/network is required. Via a thorough literature review, this paper firstly discusses current security issues of SCADA system and look closely benchmark dataset and SCADA security holes, followed by SCADA traffic anomaly recognition using artificial intelligence techniques and visual traffic monitoring system. Then, touches on the encryption technique suitable for the SCADA network. In the end, this paper gives the trend of SCADA IDS in the future and provides a proposed model to generate a reliable IDS, this model is proposed based on the investigation of previous researches. This paper focuses on SCADA systems that use IEC 60870-5-104 (IEC 104) protocol and distributed network protocol version 3 (DNP3) protocol as many SCADA systems use these two protocols.</p>

show abstract

Framework for SCADA cyber-attack dataset creation

Cited by 17 publications

References 11 publications

A Unified Deep Learning Anomaly Detection and Classification Approach for Smart Grid Environments

A Unified Deep Learning Anomaly Detection and Classification Approach for Smart Grid Environments

SPEAR SIEM: A Security Information and Event Management system for the Smart Grid

The trends of supervisory control and data acquisition security challenges in heterogeneous networks

Contact Info

Product

Resources

About