Intrusion Detection System for IEC 60870-5-104 based SCADA networks

Yi Yang; Kieran McLaughlin; Tim Littler; Sakir Sezer; Bernardi Pranggono; Haifeng Wang

doi:10.1109/PESMG.2013.6672100

Intrusion Detection System for IEC 60870-5-104 based SCADA networks

Yi Yang, Kieran McLaughlin, Tim Littler, Sakir Sezer, Bernardi Pranggono, Haifeng Wang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

64 Citations (Scopus)

Abstract

Increased complexity and interconnectivity of Supervisory Control and Data Acquisition (SCADA) systems in Smart Grids potentially means greater susceptibility to malicious attackers. SCADA systems with legacy communication infrastructure have inherent cyber-security vulnerabilities as these systems were originally designed with little consideration of cyber threats. In order to improve cyber-security of SCADA networks, this paper presents a rule-based Intrusion Detection System (IDS) using a Deep Packet Inspection (DPI) method, which includes signature-based and model-based approaches tailored for SCADA systems. The proposed signature-based rules can accurately detect several known suspicious or malicious attacks. In addition, model-based detection is proposed as a complementary method to detect unknown attacks. Finally, proposed intrusion detection approaches for SCADA networks are implemented and verified via Snort rules.

Original language	English
Title of host publication	IEEE Power & Energy Society General Meeting (PESGM) 2013
Publisher	IEEE
Volume	2013
ISBN (Electronic)	9781479913039
ISBN (Print)	97814799130202
DOIs	https://doi.org/10.1109/PESMG.2013.6672100
Publication status	Published - 21 Jul 2013

Keywords

SCADA
intrusion detector system
cyber-security
IEC 60870-5-104

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Documents and Links

10.1109/PESMG.2013.6672100

Cite this

@inproceedings{4000bb0739914a28869609ce47121122,

title = "Intrusion Detection System for IEC 60870-5-104 based SCADA networks",

abstract = "Increased complexity and interconnectivity of Supervisory Control and Data Acquisition (SCADA) systems in Smart Grids potentially means greater susceptibility to malicious attackers. SCADA systems with legacy communication infrastructure have inherent cyber-security vulnerabilities as these systems were originally designed with little consideration of cyber threats. In order to improve cyber-security of SCADA networks, this paper presents a rule-based Intrusion Detection System (IDS) using a Deep Packet Inspection (DPI) method, which includes signature-based and model-based approaches tailored for SCADA systems. The proposed signature-based rules can accurately detect several known suspicious or malicious attacks. In addition, model-based detection is proposed as a complementary method to detect unknown attacks. Finally, proposed intrusion detection approaches for SCADA networks are implemented and verified via Snort rules.",

keywords = "SCADA, intrusion detector system, cyber-security, IEC 60870-5-104",

author = "Yi Yang and Kieran McLaughlin and Tim Littler and Sakir Sezer and Bernardi Pranggono and Haifeng Wang",

year = "2013",

month = jul,

day = "21",

doi = "10.1109/PESMG.2013.6672100",

language = "English",

isbn = " 97814799130202",

volume = "2013",

booktitle = "IEEE Power & Energy Society General Meeting (PESGM) 2013",

publisher = "IEEE",

}

TY - GEN

T1 - Intrusion Detection System for IEC 60870-5-104 based SCADA networks

AU - Yang, Yi

AU - McLaughlin, Kieran

AU - Littler, Tim

AU - Sezer, Sakir

AU - Pranggono, Bernardi

AU - Wang, Haifeng

PY - 2013/7/21

Y1 - 2013/7/21

N2 - Increased complexity and interconnectivity of Supervisory Control and Data Acquisition (SCADA) systems in Smart Grids potentially means greater susceptibility to malicious attackers. SCADA systems with legacy communication infrastructure have inherent cyber-security vulnerabilities as these systems were originally designed with little consideration of cyber threats. In order to improve cyber-security of SCADA networks, this paper presents a rule-based Intrusion Detection System (IDS) using a Deep Packet Inspection (DPI) method, which includes signature-based and model-based approaches tailored for SCADA systems. The proposed signature-based rules can accurately detect several known suspicious or malicious attacks. In addition, model-based detection is proposed as a complementary method to detect unknown attacks. Finally, proposed intrusion detection approaches for SCADA networks are implemented and verified via Snort rules.

AB - Increased complexity and interconnectivity of Supervisory Control and Data Acquisition (SCADA) systems in Smart Grids potentially means greater susceptibility to malicious attackers. SCADA systems with legacy communication infrastructure have inherent cyber-security vulnerabilities as these systems were originally designed with little consideration of cyber threats. In order to improve cyber-security of SCADA networks, this paper presents a rule-based Intrusion Detection System (IDS) using a Deep Packet Inspection (DPI) method, which includes signature-based and model-based approaches tailored for SCADA systems. The proposed signature-based rules can accurately detect several known suspicious or malicious attacks. In addition, model-based detection is proposed as a complementary method to detect unknown attacks. Finally, proposed intrusion detection approaches for SCADA networks are implemented and verified via Snort rules.

KW - SCADA

KW - intrusion detector system

KW - cyber-security

KW - IEC 60870-5-104

U2 - 10.1109/PESMG.2013.6672100

DO - 10.1109/PESMG.2013.6672100

M3 - Conference contribution

SN - 97814799130202

VL - 2013

BT - IEEE Power & Energy Society General Meeting (PESGM) 2013

PB - IEEE

ER -

Intrusion Detection System for IEC 60870-5-104 based SCADA networks

Abstract

Keywords

UN SDGs

Documents and Links

Fingerprint

Cite this