Anomaly Detection for Simulated IEC-60870-5-104 Trafiic

Hodo, Ersi; Grebeniuk, Stepan; Ruotsalainen, Henri; Tavolato, Paul

doi:10.1145/3098954.3103166

Cited by 23 publications

(19 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [108] E. Hodo et al present an anomaly-based IDS for a SCADA simulated environment which utilizes the IEC 60870-5-104 [109] (IEC-104) protocol. In 1995, the International Electromechanical Commission (IEC) was released IEC-60870-5-101 which includes essential telecontrol messages between a logic controller and a controlling server.…”

Section: Idps Systems For Scada Systemsmentioning

confidence: 99%

Securing the Smart Grid: A Comprehensive Compilation of Intrusion Detection and Prevention Systems

2019

View full text Add to dashboard Cite

The smart grid (SG) paradigm is the next technological leap of the conventional electrical grid, contributing to the protection of the physical environment and providing multiple advantages such as increased reliability, better service quality, and the efficient utilization of the existing infrastructure and the renewable energy resources. However, despite the fact that it brings beneficial environmental, economic, and social changes, the existence of such a system possesses important security and privacy challenges, since it includes a combination of heterogeneous, co-existing smart, and legacy technologies. Based on the rapid evolution of the cyber-physical systems (CPS), both academia and industry have developed appropriate measures for enhancing the security surface of the SG paradigm using, for example, integrating efficient, lightweight encryption and authorization mechanisms. Nevertheless, these mechanisms may not prevent various security threats, such as denial of service (DoS) attacks that target on the availability of the underlying systems. An efficient countermeasure against several cyberattacks is the intrusion detection and prevention system (IDPS). In this paper, we examine the contribution of the IDPSs in the SG paradigm, providing an analysis of 37 cases. More detailed, these systems can be considered as a secondary defense mechanism, which enhances the cryptographic processes, by timely detecting or/and preventing potential security violations. For instance, if a cyberattack bypasses the essential encryption and authorization mechanisms, then the IDPS systems can act as a secondary protection service, informing the system operator for the presence of the specific attack or enabling appropriate preventive countermeasures. The cases we study focused on the advanced metering infrastructure (AMI), supervisory control and data acquisition (SCADA) systems, substations, and synchrophasors. Based on our comparative analysis, the limitations and the shortcomings of the current IDPS systems are identified, whereas appropriate recommendations are provided for future research efforts.

show abstract

Section: Idps Systems For Scada Systemsmentioning

confidence: 99%

Securing the Smart Grid: A Comprehensive Compilation of Intrusion Detection and Prevention Systems

2019

View full text Add to dashboard Cite

show abstract

“…IEC 60870-5-104 (also known as IEC104) is one of the IEC 60870 set of international standards released by the International Electrotechnical Commission (IEC). The IEC 60870 standard defines systems used for tele-control in electrical engineering and power system automation applications [7]. It specifies a communication profile for sending basic tele-control messages between two systems over standard TCP/IP network, which allows simultaneous data transmission between several devices and services.…”

Section: Iec 60870-5-104 Protocolmentioning

confidence: 99%

“…The security of IEC 104 has been proven to be problematic [5,8]. According to recent security advisories [7], multiple security weaknesses associated with this protocol have been reported [3] such as the lack of strong data encryption and proper authentication could allow an unauthenticated, remote attacker to inject, hijack or spoof network communications or exploit input validation flaws on vulnerable systems using the IEC 104 protocol [7]. Although the IEC have published a security standard, IEC 62351.…”

Section: Iec 60870-5-104 Protocolmentioning

confidence: 99%

Simulating command injection attacks on IEC 60870-5-104 protocol in SCADA system

Qassim

Jamil²,

Daud

et al. 2018

IJET

View full text Add to dashboard Cite

IEC 60870-5-104 is an international standard used for tele-control in electrical engineering and power system applications. It is one of the major principal protocols in SCADA system. Major industrial control vendors use this protocol for monitoring and managing power utility devices. One of the most common attacks which has a catastrophic impact on industrial control systems is the control command injection attack. It happens when an attacker injects false control commands into a control system. This paper presents the IEC 60870-5-104 vulnera-bilities from the perspective of command and information data injection. From the SCADA testbed that we setup, we showed that a success-ful control command injection attack can be implemented by exploiting the vulnerabilities identified earlier.

show abstract

“…The research outcome contributes towards the development of defence model against the attack. Researchers in [9] find out an anomaly on the SCADA traffic when an attack on IEC protocol occurs.…”

Section: Introductionmentioning

confidence: 99%

The trends of supervisory control and data acquisition security challenges in heterogeneous networks

Arifin

Susanto²,

Stiawan

et al. 2021

IJEECS

View full text Add to dashboard Cite

<p>Supervisory control and data acquisition (SCADA) has an important role in communication between devices in strategic industries such as power plant grid/network. Besides, the SCADA system is now open to any external heterogeneous networks to facilitate monitoring of industrial equipment, but this causes a new vulnerability in the SCADA network system. Any disruption on the SCADA system will give rise to a dangerous impact on industrial devices. Therefore, deep research and development of reliable intrusion detection system (IDS) for SCADA system/network is required. Via a thorough literature review, this paper firstly discusses current security issues of SCADA system and look closely benchmark dataset and SCADA security holes, followed by SCADA traffic anomaly recognition using artificial intelligence techniques and visual traffic monitoring system. Then, touches on the encryption technique suitable for the SCADA network. In the end, this paper gives the trend of SCADA IDS in the future and provides a proposed model to generate a reliable IDS, this model is proposed based on the investigation of previous researches. This paper focuses on SCADA systems that use IEC 60870-5-104 (IEC 104) protocol and distributed network protocol version 3 (DNP3) protocol as many SCADA systems use these two protocols.</p>

show abstract

Anomaly Detection for Simulated IEC-60870-5-104 Trafiic

Cited by 23 publications

References 5 publications

Securing the Smart Grid: A Comprehensive Compilation of Intrusion Detection and Prevention Systems

Securing the Smart Grid: A Comprehensive Compilation of Intrusion Detection and Prevention Systems

Simulating command injection attacks on IEC 60870-5-104 protocol in SCADA system

The trends of supervisory control and data acquisition security challenges in heterogeneous networks

Contact Info

Product

Resources

About