A Review of Research Work on Network-Based SCADA Intrusion Detection Systems

Specific intrusion detection systems (IDSs) are needed to secure modern supervisory control and data acquisition (SCADA) systems because of their architecture, stringent real-time requirements, network traffic features and specific application layer protocols. This article aims to contribute to assessing the state of the art, identifying the open issues and providing insight into future study areas. To achieve these objectives, we start from the factors that impact the design of dedicated intrusion detection systems in SCADA networks and focus on network-based IDS solutions. We propose a structured evaluation methodology that encompasses detection techniques, protected protocols, implementation tools, test environments and IDS performance. Special attention is paid to assessing implementation maturity as well as the applicability of each surveyed solution in the Future Internet environment. On that basis, we provide a brief description and evaluation of 26 selected research papers published in the period 2015–2019. The results of our analysis indicate considerable progress in the development of machine learning-based detection methods, implementation platforms and, to some extent, sophisticated testbeds. We also identify research gaps and conclude the analysis with a list of the most important directions for further research.
