Cyber attack and defense on industry control systems

Industry control systems (ICSs) are widely used in critical infrastructure production facilities of the oil, water, and electricity industries. In the past, most of these ICSs lacked both authentication and encryption mechanisms, leaving them vulnerable to attack. By establishing an industry control system testbed, this paper examines two operational cases, water level control and air pollution control, and develops for them a Modbus/TCP network attack program and an associated intrusion detection system (IDS). Through in-depth analysis of the Modbus ICS protocol, an automatic-learning-based method of malicious intrusion detection is proposed, and a variety of tests are conducted with it on the developed testbed. The results show that this method can effectively detect various kinds of network attacks.
