Intrusion detection in SCADA systems by traffic periodicity and telemetry analysis

Zhang, Jiexin; Gan, Shaoduo; Liu, Xiaoxue; Zhu, Peidong

doi:10.1109/iscc.2016.7543760

Cited by 11 publications

(2 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, a series of features for the machine learning input was selected, and the structure was used for a real industrial process control network. A SCADA based IDS was designed in [20], which could deal with the denial of service attacks. The network was investigated to resist response injection and denial of service attacks.…”

Section: Related Workmentioning

confidence: 99%

A Two Stage Intrusion Detection System for Industrial Control Networks Based on Ethernet/IP

Wang

Song

2019

Electronics

View full text Add to dashboard Cite

Standard Ethernet (IEEE 802.3 and the TCP/IP protocol suite) is gradually applied in industrial control system (ICS) with the development of information technology. It breaks the natural isolation of ICS, but contains no security mechanisms. An improved intrusion detection system (IDS), which is strongly correlated to specific industrial scenarios, is necessary for modern ICS. On one hand, this paper outlines three kinds of attack models, including infiltration attacks, creative forging attacks, and false data injection attacks. On the other hand, a two stage IDS is proposed, which contains a traffic prediction model and an anomaly detection model. The traffic prediction model, which is based on the autoregressive integrated moving average (ARIMA), can forecast the traffic of the ICS network in the short term and detect infiltration attacks precisely according to the abnormal changes in traffic patterns. Furthermore, the anomaly detection model, using a one class support vector machine (OCSVM), is able to detect malicious control instructions by analyzing the key field in Ethernet/IP packets. The confusion matrix is selected to testify to the effectiveness of the proposed method, and two other innovative IDSs are used for comparison. The experiment results show that the proposed two stage IDS in this paper has an outstanding performance in detecting infiltration attacks, forging attacks, and false data injection attacks compared with other IDSs.

show abstract

Section: Related Workmentioning

confidence: 99%

A Two Stage Intrusion Detection System for Industrial Control Networks Based on Ethernet/IP

Wang

Song

2019

Electronics

View full text Add to dashboard Cite

show abstract

“…Also, a series of features for the machine learning input is selected and the structure was used for real industrial process control network. [20] designed an SCADA based IDS, which could deal with the Denial of Service Attacks. The network was investigated to resist response injection and denial of service attacks.…”

Section: Related Workmentioning

confidence: 99%

A Hierarchical Intrusion Detection System for Industrial Control Networks based on EtherNet/IP

Yu¹,

Wang²,

Song³

2019

Preprint

View full text Add to dashboard Cite

Standard Ethernet (IEEE 802.3 and the TCP/IP protocol suite) is gradually applied in industrial control system (ICS) with the development of information technology. It breaks the natural isolation of ICS, but contains no security mechanism. A modified intrusion detection system (IDS), which is strongly correlated to specific industrial scenario, is necessary for modern ICS. On the one hand, this paper outlines attack models, including infiltration attacks and our creative forging attack. On the other hand, we proposes a hierarchical IDS, which contains a traffic prediction model and an anomaly detection model. The traffic prediction model, which is based on autoregressive integrated moving average (ARIMA), can forecast the traffic of ICS network in the short term and precisely detect the infiltration attacks according to abnormal changes in traffic pattern. The anomaly detection model using one-class support vector machine (OCSVM) is able to detect malicious control instructions by analyzing the key field in EtherNet/IP packets. The experimental results show that the hierarchical IDS has an outstanding performance in detecting infiltration attacks and forging attack compared with other two innovative IDSs.

show abstract

Modelling Adversarial Flow in Software-Defined Industrial Control Networks Using a Queueing Network Model

Nweke

Wolthusen

2020

2020 IEEE Conference on Communications and Network Security (CNS)

View full text Add to dashboard Cite

In recent years, software defined networking (SDN) has been proposed for enhancing the security of industrial control networks. However, its ability to guarantee the quality of service (QoS) requirements of such networks in the presence of adversarial flow still needs to be investigated. Queueing theory and particularly queueing network models have long been employed to study the performance and QoS characteristics of networks. The latter appears to be particularly suitable to capture the behaviour of SDN owing to the dependencies between layers, planes and components in an SDN architecture. Also, several authors have used queueing network models to study the behaviour of different application of SDN architectures, but none of the existing works have considered the strong periodic network traffic in software-defined industrial control networks. In this paper, we propose a queueing network model for softwaredefined industrial control networks, taking into account the strong periodic patterns of the network traffic in the data plane. We derive the performance measures for the analytical model and apply the queueing network model to study the effect of adversarial flow in software-defined industrial control networks.

show abstract

Intrusion detection in SCADA systems by traffic periodicity and telemetry analysis

Cited by 11 publications

References 12 publications

A Two Stage Intrusion Detection System for Industrial Control Networks Based on Ethernet/IP

A Two Stage Intrusion Detection System for Industrial Control Networks Based on Ethernet/IP

A Hierarchical Intrusion Detection System for Industrial Control Networks based on EtherNet/IP

Modelling Adversarial Flow in Software-Defined Industrial Control Networks Using a Queueing Network Model

Contact Info

Product

Resources

About