Attacking and Defending DNP3 ICS/SCADA Systems

Kelli, Vasiliki; Radoglou-Grammatikis, Panagiotis; Sesis, Achilleas; Λάγκας, Θωμάς; Fountoukidis, Eleftherios; Kafetzakis, Emmanouil; Giannoulakis, Ioannis; Sarigiannidis, Panagiotis

doi:10.1109/dcoss54816.2022.00041

Cited by 15 publications

(6 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The primary purpose of the slave or outstation is to respond to requests initiated by the master [67]. In this model, the master is empowered to supervise, regulate, and collect data from slaves, thereby facilitating comprehensive control over the production processes [68]. It is divided into three layers, namely:…”

Section: Ics Communication Protocols Cyber Vulnerabilitiesmentioning

confidence: 99%

Securing Industrial Control Systems: Components, Cyber Threats, and Machine Learning-Driven Defense Strategies

Nankya,

Chataut,

Akl

2023

Sensors

View full text Add to dashboard Cite

Industrial Control Systems (ICS), which include Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and Programmable Logic Controllers (PLC), play a crucial role in managing and regulating industrial processes. However, ensuring the security of these systems is of utmost importance due to the potentially severe consequences of cyber attacks. This article presents an overview of ICS security, covering its components, protocols, industrial applications, and performance aspects. It also highlights the typical threats and vulnerabilities faced by these systems. Moreover, the article identifies key factors that influence the design decisions concerning control, communication, reliability, and redundancy properties of ICS, as these are critical in determining the security needs of the system. The article outlines existing security countermeasures, including network segmentation, access control, patch management, and security monitoring. Furthermore, the article explores the integration of machine learning techniques to enhance the cybersecurity of ICS. Machine learning offers several advantages, such as anomaly detection, threat intelligence analysis, and predictive maintenance. However, combining machine learning with other security measures is essential to establish a comprehensive defense strategy for ICS. The article also addresses the challenges associated with existing measures and provides recommendations for improving ICS security. This paper becomes a valuable reference for researchers aiming to make meaningful contributions within the constantly evolving ICS domain by providing an in-depth examination of the present state, challenges, and potential future advancements.

show abstract

Section: Ics Communication Protocols Cyber Vulnerabilitiesmentioning

confidence: 99%

Securing Industrial Control Systems: Components, Cyber Threats, and Machine Learning-Driven Defense Strategies

Nankya,

Chataut,

Akl

2023

Sensors

View full text Add to dashboard Cite

show abstract

“…The captured packets are then processed by a feature extraction unit designed to extract network flow features from raw network packets. This unit utilizes two tools named "CICFlowMeter" and "DNP3 parser", as described in [42]. The extracted features include network flow features such as source and destination port numbers, number of packet in the network flow, data rate per second, in addition to DNP3 specific features.…”

Section: Proposed Systemmentioning

confidence: 99%

“…• DNP3 Disable Unsolicited Messages Attack The DNP3 and TCP/IP network flows generated by each node during the attack execution were produced by using a custom DNP3 Python Parser and the CICFlowMeter, respectively [42]. The resulting dataset, consisting of the above flows and related statistics, was labelled based on the previously listed DNP3 attack types.…”

Section: Dnp3 Intrusion Detection Datasetmentioning

confidence: 99%

A two-stage cyber attack detection and classification system for smart grids

Alani,

Mauri,

Damiani

2023

Internet of Things

View full text Add to dashboard Cite

“…The Distributed Network Protocol 3 (DNP3), as has already been mentioned, represents a multi-tier application layer protocol, which proves to be particularly useful in critical industrial settings, such as complex electrical grid systems. The authors of the paper [ 55 ] study the internal vulnerabilities which are induced by the design of the DNP3 data transmission protocol. They implement the attack patterns that are determined empirically, and the research process is experimentally documented through eight DNP3 attack scenarios.…”

Section: Relevant Existing Contributionsmentioning

confidence: 99%

Relevant Cybersecurity Aspects of IoT Microservices Architectures Deployed over Next-Generation Mobile Networks

Aldea

Bocu

Vasilescu

2022

Sensors

View full text Add to dashboard Cite

The design and implementation of secure IoT platforms and software solutions represent both a required functional feature and a performance acceptance factor nowadays. This paper describes relevant cybersecurity problems considered during the proposed microservices architecture development. Service composition mechanisms and their security are affected by the underlying hardware components and networks. The overall speedup of the platforms, which are implemented using the new 5G networks, and the capabilities of new performant IoT devices may be wasted by an inadequate combination of authentication services and security mechanisms, by the architectural misplacing of the encryption services, or by the inappropriate subsystems scaling. Considering the emerging microservices platforms, the Spring Boot alternative is used to implement data generation services, IoT sensor reading services, IoT actuators control services, and authentication services, and ultimately assemble them into a secure microservices architecture. Furthermore, considering the designed architecture, relevant security aspects related to the medical and energy domains are analyzed and discussed. Based on the proposed architectural concept, it is shown that well-designed and orchestrated architectures that consider the proper security aspects and their functional influence can lead to stable and secure implementations of the end user’s software platforms.

show abstract

Attacking and Defending DNP3 ICS/SCADA Systems

Cited by 15 publications

References 36 publications

Securing Industrial Control Systems: Components, Cyber Threats, and Machine Learning-Driven Defense Strategies

Securing Industrial Control Systems: Components, Cyber Threats, and Machine Learning-Driven Defense Strategies

A two-stage cyber attack detection and classification system for smart grids

Relevant Cybersecurity Aspects of IoT Microservices Architectures Deployed over Next-Generation Mobile Networks

Contact Info

Product

Resources

About