Probability Risk Identification Based Intrusion Detection System for SCADA Systems

Thomas Marsden; Nour Moustafa; Elena Sitnikova; Gideon Creech

doi:10.1007/978-3-319-90775-8_28

Probability Risk Identification Based Intrusion Detection System for SCADA Systems

Thomas Marsden, Nour Moustafa, Elena Sitnikova, Gideon Creech

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

19 Citations (Scopus)

Abstract

As Supervisory Control and Data Acquisition (SCADA) systems control several critical infrastructures, they have connected to the internet. Consequently, SCADA systems face different sophisticated types of cyber adversaries. This paper suggests a Probability Risk Identification based Intrusion Detection System (PRI-IDS) technique based on analysing network traffic of Modbus TCP/IP for identifying replay attacks. It is acknowledged that Modbus TCP is usually vulnerable due to its unauthenticated and unencrypted nature. Our technique is evaluated using a simulation environment by configuring a testbed, which is a custom SCADA network that is cheap, accurate and scalable. The testbed is exploited when testing the IDS by sending individual packets from an attacker located on the same LAN as the Modbus master and slave. The experimental results demonstrated that the proposed technique can effectively and efficiently recognise replay attacks.

Original language	English
Title of host publication	Mobile Networks and Management - 9th International Conference, MONAMI 2017, Proceedings
Editors	Sheng Wen, Jiankun Hu, Ibrahim Khalil, Zahir Tari
Publisher	Springer-Verlag
Pages	353-363
Number of pages	11
ISBN (Electronic)	978-3-319-90775-8
ISBN (Print)	978-3-319-90774-1
DOIs	https://doi.org/10.1007/978-3-319-90775-8_28
Publication status	Published - 2018
Externally published	Yes
Event	9th International Conference on Mobile Networks and Management, MONAMI 2017 - Melbourne, Australia Duration: 13 Dec 2017 → 15 Dec 2017

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	235
ISSN (Print)	1867-8211

Conference

Conference	9th International Conference on Mobile Networks and Management, MONAMI 2017
Country/Territory	Australia
City	Melbourne
Period	13/12/17 → 15/12/17

Keywords

MODBUS TCP
Network intrusion detection
Probability risk identification
SCADA
Security

Access to Document

10.1007/978-3-319-90775-8_28Licence: In Copyright

https://rdcu.be/cYA62Licence: In Copyright

Cite this

Marsden, T., Moustafa, N., Sitnikova, E., & Creech, G. (2018). Probability Risk Identification Based Intrusion Detection System for SCADA Systems. In S. Wen, J. Hu, I. Khalil, & Z. Tari (Eds.), Mobile Networks and Management - 9th International Conference, MONAMI 2017, Proceedings (pp. 353-363). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 235). Springer-Verlag. https://doi.org/10.1007/978-3-319-90775-8_28

Marsden, Thomas ; Moustafa, Nour ; Sitnikova, Elena et al. / Probability Risk Identification Based Intrusion Detection System for SCADA Systems. Mobile Networks and Management - 9th International Conference, MONAMI 2017, Proceedings. editor / Sheng Wen ; Jiankun Hu ; Ibrahim Khalil ; Zahir Tari. Springer-Verlag, 2018. pp. 353-363 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inbook{53bac0dc5f0d4db086312c97dd6de0f5,

title = "Probability Risk Identification Based Intrusion Detection System for SCADA Systems",

abstract = "As Supervisory Control and Data Acquisition (SCADA) systems control several critical infrastructures, they have connected to the internet. Consequently, SCADA systems face different sophisticated types of cyber adversaries. This paper suggests a Probability Risk Identification based Intrusion Detection System (PRI-IDS) technique based on analysing network traffic of Modbus TCP/IP for identifying replay attacks. It is acknowledged that Modbus TCP is usually vulnerable due to its unauthenticated and unencrypted nature. Our technique is evaluated using a simulation environment by configuring a testbed, which is a custom SCADA network that is cheap, accurate and scalable. The testbed is exploited when testing the IDS by sending individual packets from an attacker located on the same LAN as the Modbus master and slave. The experimental results demonstrated that the proposed technique can effectively and efficiently recognise replay attacks.",

keywords = "MODBUS TCP, Network intrusion detection, Probability risk identification, SCADA, Security",

author = "Thomas Marsden and Nour Moustafa and Elena Sitnikova and Gideon Creech",

year = "2018",

doi = "10.1007/978-3-319-90775-8_28",

language = "English",

isbn = "978-3-319-90774-1",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer-Verlag",

pages = "353--363",

editor = "Sheng Wen and Jiankun Hu and Ibrahim Khalil and Zahir Tari",

booktitle = "Mobile Networks and Management - 9th International Conference, MONAMI 2017, Proceedings",

note = "9th International Conference on Mobile Networks and Management, MONAMI 2017 ; Conference date: 13-12-2017 Through 15-12-2017",

}

Marsden, T, Moustafa, N, Sitnikova, E & Creech, G 2018, Probability Risk Identification Based Intrusion Detection System for SCADA Systems. in S Wen, J Hu, I Khalil & Z Tari (eds), Mobile Networks and Management - 9th International Conference, MONAMI 2017, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 235, Springer-Verlag, pp. 353-363, 9th International Conference on Mobile Networks and Management, MONAMI 2017, Melbourne, Australia, 13/12/17. https://doi.org/10.1007/978-3-319-90775-8_28

Probability Risk Identification Based Intrusion Detection System for SCADA Systems. / Marsden, Thomas; Moustafa, Nour; Sitnikova, Elena et al.

Mobile Networks and Management - 9th International Conference, MONAMI 2017, Proceedings. ed. / Sheng Wen; Jiankun Hu; Ibrahim Khalil; Zahir Tari. Springer-Verlag, 2018. p. 353-363 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 235).

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

TY - CHAP

T1 - Probability Risk Identification Based Intrusion Detection System for SCADA Systems

AU - Marsden, Thomas

AU - Moustafa, Nour

AU - Sitnikova, Elena

AU - Creech, Gideon

PY - 2018

Y1 - 2018

N2 - As Supervisory Control and Data Acquisition (SCADA) systems control several critical infrastructures, they have connected to the internet. Consequently, SCADA systems face different sophisticated types of cyber adversaries. This paper suggests a Probability Risk Identification based Intrusion Detection System (PRI-IDS) technique based on analysing network traffic of Modbus TCP/IP for identifying replay attacks. It is acknowledged that Modbus TCP is usually vulnerable due to its unauthenticated and unencrypted nature. Our technique is evaluated using a simulation environment by configuring a testbed, which is a custom SCADA network that is cheap, accurate and scalable. The testbed is exploited when testing the IDS by sending individual packets from an attacker located on the same LAN as the Modbus master and slave. The experimental results demonstrated that the proposed technique can effectively and efficiently recognise replay attacks.

AB - As Supervisory Control and Data Acquisition (SCADA) systems control several critical infrastructures, they have connected to the internet. Consequently, SCADA systems face different sophisticated types of cyber adversaries. This paper suggests a Probability Risk Identification based Intrusion Detection System (PRI-IDS) technique based on analysing network traffic of Modbus TCP/IP for identifying replay attacks. It is acknowledged that Modbus TCP is usually vulnerable due to its unauthenticated and unencrypted nature. Our technique is evaluated using a simulation environment by configuring a testbed, which is a custom SCADA network that is cheap, accurate and scalable. The testbed is exploited when testing the IDS by sending individual packets from an attacker located on the same LAN as the Modbus master and slave. The experimental results demonstrated that the proposed technique can effectively and efficiently recognise replay attacks.

KW - MODBUS TCP

KW - Network intrusion detection

KW - Probability risk identification

KW - SCADA

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85047449171&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-90775-8_28

DO - 10.1007/978-3-319-90775-8_28

M3 - Chapter

AN - SCOPUS:85047449171

SN - 978-3-319-90774-1

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 353

EP - 363

BT - Mobile Networks and Management - 9th International Conference, MONAMI 2017, Proceedings

A2 - Wen, Sheng

A2 - Hu, Jiankun

A2 - Khalil, Ibrahim

A2 - Tari, Zahir

PB - Springer-Verlag

T2 - 9th International Conference on Mobile Networks and Management, MONAMI 2017

Y2 - 13 December 2017 through 15 December 2017

ER -

Marsden T, Moustafa N, Sitnikova E, Creech G. Probability Risk Identification Based Intrusion Detection System for SCADA Systems. In Wen S, Hu J, Khalil I, Tari Z, editors, Mobile Networks and Management - 9th International Conference, MONAMI 2017, Proceedings. Springer-Verlag. 2018. p. 353-363. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-319-90775-8_28

Probability Risk Identification Based Intrusion Detection System for SCADA Systems

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this