Generating Attacks and Labelling Attack Datasets for Industrial Control Intrusion Detection Systems

Rodofile, Nicholas R.

doi:10.5204/thesis.eprints.121760

Cited by 5 publications

(4 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An attacker can obtain the network control through a phishing attack to the site operators [9] or by exploiting the security lack of the legacy devices connected to the Internet [11]. There are different actions that malicious actors can perform, but it is possible to categorize the main ones into five different classes [55], [56] of network attack. These attacks are also implemented in the testbeds to generate abnormal operating conditions.…”

Section: A Typical Attacksmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Industrial Control System Testbeds and Datasets for Security Research

Conti,

Donadel,

Turrin

2021

Preprint

View full text Add to dashboard Cite

The increasing digitization and interconnection of legacy Industrial Control Systems (ICSs) open new vulnerability surfaces, exposing such systems to malicious attackers. Furthermore, since ICSs are often employed in critical infrastructures (e.g., nuclear plants) and manufacturing companies (e.g., chemical industries), attacks can lead to devastating physical damages. In dealing with this security requirement, the research community focuses on developing new security mechanisms such as Intrusion Detection Systems (IDSs), facilitated by leveraging modern machine learning techniques. However, these algorithms require a testing platform and a considerable amount of data to be trained and tested accurately. To satisfy this prerequisite, Academia, Industry, and Government are increasingly proposing testbed (i.e., scaled-down versions of ICSs or simulations) to test the performances of the IDSs. Furthermore, to enable researchers to cross-validate security systems (e.g., security-bydesign concepts or anomaly detectors), several datasets have been collected from testbeds and shared with the community.In this paper, we provide a deep and comprehensive overview of ICSs, presenting the architecture design, the employed devices, and the security protocols implemented. We then collect, compare, and describe testbeds and datasets in the literature, highlighting key challenges and design guidelines to keep in mind in the design phases. Furthermore, we enrich our work by reporting the best performing IDS algorithms tested on every dataset to create a baseline in state of the art for this field. Finally, driven by knowledge accumulated during this survey's development, we report advice and good practices on the development, the choice, and the utilization of testbeds, datasets, and IDSs.

show abstract

Section: A Typical Attacksmentioning

confidence: 99%

“…QUT DNP3 [56], [187] is a dataset presented in the Ph.D. dissertation of the author. The dataset contains data collected from a small section of a transmission substation SCADA network.…”

Section: E Network Levelmentioning

confidence: 99%

A Survey on Industrial Control System Testbeds and Datasets for Security Research

Conti,

Donadel,

Turrin

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…In addition, many commands of the protocol, such as reset command, query commands, and read commands, do not have authentication mechanisms built in, allowing unauthorized access. One exploit of the aforementioned protocol vulnerability would be the MITM-based FDI, which refers to an attacker who could intercept the logical connection between communicating devices (e.g., between MTU and RTU) [12] and inject their messages (e.g., a false command) through an MITM attack [13]. Given the lack of security mechanisms in the IEC-104 protocol, the attacker would then be able to read, modify, inject, or discard sent or new messages between the intercepted endpoints [14].…”

Section: A Cyber Security In Power Process Networkmentioning

confidence: 99%

“…Moreover, further work is being done to present an approach to providing a data generation framework focused on DNP3 MITM-based injection attacks [21] and data and control manipulation attacks over IEC 61850 in secondary substations [22]. In addition, studies have been conducted on synthesis frameworks for specific attack vectors [23] as well as on an automated marking process for deployed protocol-specific attack [13]. In this context, research on stealthy MITM attacks for FDI in DNP3 or Profinet is also conducted in a cyber-physical test environment to analyze the impact on latency [24] or generate datasets for datadriven detection approaches [25].…”

Section: Related Workmentioning

confidence: 99%

Investigating Man-in-the-Middle-based False Data Injection in a Smart Grid Laboratory Environment

Şen¹,

Velde²,

Linnartz³

et al. 2021

Preprint

View full text Add to dashboard Cite

With the increasing use of information and communication technology in electrical power grids, the security of energy supply is increasingly threatened by cyber-attacks. Traditional cyber-security measures, such as firewalls or intrusion detection/prevention systems, can be used as mitigation and prevention measures, but their effective use requires a deep understanding of the potential threat landscape and complex attack processes in energy information systems. Given the complexity and lack of detailed knowledge of coordinated, timed attacks in smart grid applications, we need information and insight into realistic attack scenarios in an appropriate and practical setting. In this paper, we present a man-in-the-middlebased attack scenario that intercepts process communication between control systems and field devices, employs false data injection techniques, and performs data corruption such as sending false commands to field devices. We demonstrate the applicability of the presented attack scenario in a physical smart grid laboratory environment and analyze the generated data under normal and attack conditions to extract domain-specific knowledge for detection mechanisms.

show abstract

Smart Substation Communications and Cybersecurity: A Comprehensive Survey

Gaspar

Cruz

Lam

et al. 2023

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

Electrical grids generate, transport, distribute and deliver electrical power to consumers through a complex Critical Infrastructure which progressively shifted from an air-gaped to a connected architecture. Specifically, Smart Substations are important parts of Smart Grids, providing switching, transforming, monitoring, metering and protection functions to offer a safe, efficient and reliable distribution of electrical power to consumers. The evolution of electrical power grids was closely followed by the digitization of all its parts and improvements in communication and computing infrastructures, leading to an evolution towards digital smart substations with improved connectivity. However, connected smart substations are exposed to cyber threats which can result in blackouts and faults which may propagate in a chain reaction and damage electrical appliances connected across the electrical grid. This work organizes and offers a comprehensive review of architectural, communications and cybersecurity standards for smart substations, complemented by a threat landscape analysis and the presentation of a Defense-in-Depth strategy blueprint. Furthermore, this work examines several defense mechanisms documented in the literature, existing datasets, testbeds and evaluation methodologies, identifying the most relevant open issues which may guide and inspire future research work.

show abstract

Generating Attacks and Labelling Attack Datasets for Industrial Control Intrusion Detection Systems

Cited by 5 publications

References 0 publications

A Survey on Industrial Control System Testbeds and Datasets for Security Research

A Survey on Industrial Control System Testbeds and Datasets for Security Research

Investigating Man-in-the-Middle-based False Data Injection in a Smart Grid Laboratory Environment

Smart Substation Communications and Cybersecurity: A Comprehensive Survey

Contact Info

Product

Resources

About