Rule-Based Intrusion Detection System for SCADA Networks

Yi Yang; Kieran McLaughlin; Timothy Littler; Sakir Sezer; Haifeng Wang

Rule-Based Intrusion Detection System for SCADA Networks

Yi Yang, Kieran McLaughlin, Timothy Littler, Sakir Sezer, Haifeng Wang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Increased complexity and interconnectivity of Supervisory Control and Data Acquisition (SCADA) systems in Smart Grids potentially means greater susceptibility to malicious attackers. SCADA systems with legacy communication infrastructure have inherent cyber-security vulnerabilities as these systems were originally designed with little consideration of cyber threats. In order to improve cyber-security of SCADA networks, this paper presents a rule-based Intrusion Detection System (IDS) using a Deep Packet Inspection (DPI) method, which includes signature-based and model-based approaches tailored for SCADA systems. The proposed signature-based rules can accurately detect several known suspicious or malicious attacks. In addition, model-based detection is proposed as a complementary method to detect unknown attacks. Finally, proposed intrusion detection approaches for SCADA networks are implemented and verified using a ruled based method.

Original language	English
Title of host publication	Proceeding of the 2nd IET International Conference in Renewable Power Generation (RPG2013)
Volume	2013
Edition	623 CP
Publication status	Published - Sep 2013

Keywords

Smart Grid; SCADA; Cyber-security; Intrusion detection

ASJC Scopus subject areas

Electrical and Electronic Engineering

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

R1118ECI: Centre for Secure Information Technologies (CSIT)
McCanny, J. V., Cowan, C., Crookes, D., Fusco, V., Linton, D., Liu, W., Miller, P., O'Neill, M., Scanlon, W. & Sezer, S.
01/08/2009 → 30/06/2014
Project: Research

Cite this

@inproceedings{7b9767f79893498093d410d468025a6e,

title = "Rule-Based Intrusion Detection System for SCADA Networks",

abstract = "Increased complexity and interconnectivity of Supervisory Control and Data Acquisition (SCADA) systems in Smart Grids potentially means greater susceptibility to malicious attackers. SCADA systems with legacy communication infrastructure have inherent cyber-security vulnerabilities as these systems were originally designed with little consideration of cyber threats. In order to improve cyber-security of SCADA networks, this paper presents a rule-based Intrusion Detection System (IDS) using a Deep Packet Inspection (DPI) method, which includes signature-based and model-based approaches tailored for SCADA systems. The proposed signature-based rules can accurately detect several known suspicious or malicious attacks. In addition, model-based detection is proposed as a complementary method to detect unknown attacks. Finally, proposed intrusion detection approaches for SCADA networks are implemented and verified using a ruled based method. ",

keywords = "Smart Grid; SCADA; Cyber-security; Intrusion detection",

author = "Yi Yang and Kieran McLaughlin and Timothy Littler and Sakir Sezer and Haifeng Wang",

year = "2013",

month = sep,

language = "English",

volume = "2013",

booktitle = "Proceeding of the 2nd IET International Conference in Renewable Power Generation (RPG2013)",

edition = "623 CP",

}

TY - GEN

T1 - Rule-Based Intrusion Detection System for SCADA Networks

AU - Yang, Yi

AU - McLaughlin, Kieran

AU - Littler, Timothy

AU - Sezer, Sakir

AU - Wang, Haifeng

PY - 2013/9

Y1 - 2013/9

N2 - Increased complexity and interconnectivity of Supervisory Control and Data Acquisition (SCADA) systems in Smart Grids potentially means greater susceptibility to malicious attackers. SCADA systems with legacy communication infrastructure have inherent cyber-security vulnerabilities as these systems were originally designed with little consideration of cyber threats. In order to improve cyber-security of SCADA networks, this paper presents a rule-based Intrusion Detection System (IDS) using a Deep Packet Inspection (DPI) method, which includes signature-based and model-based approaches tailored for SCADA systems. The proposed signature-based rules can accurately detect several known suspicious or malicious attacks. In addition, model-based detection is proposed as a complementary method to detect unknown attacks. Finally, proposed intrusion detection approaches for SCADA networks are implemented and verified using a ruled based method.

AB - Increased complexity and interconnectivity of Supervisory Control and Data Acquisition (SCADA) systems in Smart Grids potentially means greater susceptibility to malicious attackers. SCADA systems with legacy communication infrastructure have inherent cyber-security vulnerabilities as these systems were originally designed with little consideration of cyber threats. In order to improve cyber-security of SCADA networks, this paper presents a rule-based Intrusion Detection System (IDS) using a Deep Packet Inspection (DPI) method, which includes signature-based and model-based approaches tailored for SCADA systems. The proposed signature-based rules can accurately detect several known suspicious or malicious attacks. In addition, model-based detection is proposed as a complementary method to detect unknown attacks. Finally, proposed intrusion detection approaches for SCADA networks are implemented and verified using a ruled based method.

KW - Smart Grid; SCADA; Cyber-security; Intrusion detection

M3 - Conference contribution

VL - 2013

BT - Proceeding of the 2nd IET International Conference in Renewable Power Generation (RPG2013)

ER -

Rule-Based Intrusion Detection System for SCADA Networks

Abstract

Keywords

ASJC Scopus subject areas

UN SDGs

Fingerprint

Projects

R1118ECI: Centre for Secure Information Technologies (CSIT)

Cite this