Probability Risk Identification Based Intrusion Detection System for SCADA Systems

Thomas Marsden, Nour Moustafa, Elena Sitnikova, Gideon Creech

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

22 Citations (Scopus)

Abstract

As Supervisory Control and Data Acquisition (SCADA) systems control several critical infrastructures, they have connected to the internet. Consequently, SCADA systems face different sophisticated types of cyber adversaries. This paper suggests a Probability Risk Identification based Intrusion Detection System (PRI-IDS) technique based on analysing network traffic of Modbus TCP/IP for identifying replay attacks. It is acknowledged that Modbus TCP is usually vulnerable due to its unauthenticated and unencrypted nature. Our technique is evaluated using a simulation environment by configuring a testbed, which is a custom SCADA network that is cheap, accurate and scalable. The testbed is exploited when testing the IDS by sending individual packets from an attacker located on the same LAN as the Modbus master and slave. The experimental results demonstrated that the proposed technique can effectively and efficiently recognise replay attacks.

Original language: English
Title of host publication: Mobile Networks and Management - 9th International Conference, MONAMI 2017, Proceedings
Editors: Sheng Wen, Jiankun Hu, Ibrahim Khalil, Zahir Tari
Publisher: Springer-Verlag
Pages: 353-363
Number of pages: 11
ISBN (Electronic): 978-3-319-90775-8
ISBN (Print): 978-3-319-90774-1
Publication status: Published - 2018
Externally published: Yes
Event: 9th International Conference on Mobile Networks and Management, MONAMI 2017 - Melbourne, Australia
Duration: 13 Dec 2017 - 15 Dec 2017

Publication series

Name: Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume: 235
ISSN (Print): 1867-8211

Conference

Conference: 9th International Conference on Mobile Networks and Management, MONAMI 2017
Country/Territory: Australia
City: Melbourne
Period: 13/12/17 - 15/12/17

Keywords

  • MODBUS TCP
  • Network intrusion detection
  • Probability risk identification
  • SCADA
  • Security
