Traffic Data Classification to Detect Man-in-the-Middle Attacks in Industrial Control System

Industrial Control Systems (ICS) are widely used in critical infrastructure sectors such as power, rail transit, and water conservancy. As corporate networks become increasingly connected to the Internet, industrial control systems have gradually become a target for attackers, which threatens the personal safety of citizens. The Man-in-the-Middle (MITM) attack is one of the most well-known attacks in the field of computer security. Once used inside a plant control network, it not only causes data leakage but can also take control of the PLC, the core industrial component, and cause serious safety incidents. This paper proposes a method for classifying network traffic data in industrial control systems to detect MITM attacks. In a simulation experiment, the method distinguishes normal packets from abnormal packets that have been tampered with by the MITM, with a classification accuracy of up to 99.74%.
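As an added illustration of the approach the abstract describes (classifying per-packet traffic features to separate normal ICS packets from MITM-tampered ones), the following is example code written for this page; it is not the paper's method, feature set, or data. It assumes a Modbus/TCP-style poll loop between an HMI and a PLC, an ARP-poisoning relay that adds forwarding latency, decrements the IP TTL unless the attacker restores it, and rewrites the returned register value, and three hypothetical per-packet features: inter-arrival time, TTL, and the absolute change of the register value against the previous packet. Training and test traffic are constructed inside the script, and the classifier is a dependency-free Gaussian Naive Bayes written from scratch.

```python
"""Traffic-feature classification to flag MITM-tampered ICS packets.

Illustrative example only. Everything below (poll period, feature set,
attacker behaviour, class-conditional distributions) is an assumption
constructed for the demo, not data or a method from the paper.
"""
import math
import random
from dataclasses import dataclass

POLL_PERIOD = 1.0          # assumed HMI poll interval in seconds
NORMAL, TAMPERED = 0, 1
VAR_SMOOTHING = 1e-6       # keeps a constant feature (e.g. TTL) from a zero variance
FORGED_SETPOINTS = (1800, 3200)   # constructed attacker alternates two forged values


@dataclass
class Packet:
    ts: float    # capture timestamp (seconds)
    ttl: int     # IP TTL observed by the receiver
    value: int   # holding-register value carried by the response


def extract_features(packets):
    """Features for packets[1:], aligned to indices 1..n-1:
    [inter_arrival_s, ttl, abs_value_delta]. The first packet has no
    predecessor and is skipped."""
    feats = []
    for prev, cur in zip(packets, packets[1:]):
        feats.append([cur.ts - prev.ts, float(cur.ttl), float(abs(cur.value - prev.value))])
    return feats


def _normal_features(rng):
    # Direct PLC reply: jittered poll period, untouched TTL, slow process drift.
    return [rng.gauss(POLL_PERIOD, 0.01), 64.0, abs(rng.gauss(0, 2))]


def _tampered_features(rng):
    # Relayed reply: extra forwarding latency; TTL one lower from the extra hop
    # unless the attacker restores it (assumed 30%); forged value far off the real one.
    ttl = 63.0 if rng.random() < 0.7 else 64.0
    return [POLL_PERIOD + rng.uniform(0.03, 0.15), ttl, rng.uniform(300, 3000)]


def make_training_set(rng, n_per_class=300):
    """Constructed labelled feature vectors for both classes."""
    X = [_normal_features(rng) for _ in range(n_per_class)]
    X += [_tampered_features(rng) for _ in range(n_per_class)]
    y = [NORMAL] * n_per_class + [TAMPERED] * n_per_class
    return X, y


class GaussianNB:
    """Minimal Gaussian Naive Bayes: per-class feature means and variances."""

    def fit(self, X, y):
        self.classes = sorted(set(y))
        self.log_prior, self.mean, self.var = {}, {}, {}
        n_feat = len(X[0])
        for c in self.classes:
            rows = [x for x, lab in zip(X, y) if lab == c]
            self.log_prior[c] = math.log(len(rows) / len(X))
            mu = [sum(r[j] for r in rows) / len(rows) for j in range(n_feat)]
            var = [sum((r[j] - mu[j]) ** 2 for r in rows) / len(rows) + VAR_SMOOTHING
                   for j in range(n_feat)]
            self.mean[c], self.var[c] = mu, var
        return self

    def _log_posterior(self, x, c):
        lp = self.log_prior[c]
        for xj, mu, var in zip(x, self.mean[c], self.var[c]):
            lp += -0.5 * math.log(2 * math.pi * var) - (xj - mu) ** 2 / (2 * var)
        return lp

    def predict(self, X):
        return [max(self.classes, key=lambda c: self._log_posterior(x, c)) for x in X]


def evaluate(seed=1, n_test=300):
    """Train on one constructed set, report accuracy on a fresh one."""
    rng = random.Random(seed)
    clf = GaussianNB().fit(*make_training_set(rng))
    X_test, y_test = make_training_set(rng, n_test)
    preds = clf.predict(X_test)
    return sum(p == t for p, t in zip(preds, y_test)) / len(y_test)


def build_stream(rng, n_normal=40, n_tampered=10):
    """Constructed capture: normal polling, then an attack that is still running
    when the capture ends."""
    pkts, ts, value = [], 0.0, 500
    for _ in range(n_normal):
        ts += rng.gauss(POLL_PERIOD, 0.01)
        value += rng.choice((-2, -1, 0, 1, 2))       # slow process drift
        pkts.append(Packet(ts, 64, value))
    for i in range(n_tampered):
        ts += POLL_PERIOD + rng.uniform(0.03, 0.15)  # relay adds latency
        ttl = 63 if rng.random() < 0.7 else 64       # extra hop unless TTL restored
        pkts.append(Packet(ts, ttl, FORGED_SETPOINTS[i % 2]))
    return pkts


def flag_tampered(seed=7):
    """Indices of packets in the constructed stream classified as tampered."""
    rng = random.Random(seed)
    clf = GaussianNB().fit(*make_training_set(rng))
    preds = clf.predict(extract_features(build_stream(rng)))
    return [i + 1 for i, p in enumerate(preds) if p == TAMPERED]   # +1: first packet skipped


if __name__ == "__main__":
    print(f"held-out accuracy: {evaluate():.3f}")
    print("flagged packet indices:", flag_tampered())
```

The per-packet view has a known blind spot the script does not handle: the first genuine reply after the attack stops also shows a large value jump, so a deployment would use windowed or sequence features rather than a single predecessor. Likewise, an attacker who restores the TTL and relays with low latency removes two of the three signals, which is why the classifier combines features instead of thresholding any one of them.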
