Encrypted DNP3 Traffic Classification Using Supervised Machine Learning Algorithms

Toledo, Thais Rodriguez de; Torrisi, Nunzio Marco

doi:10.3390/make1010022

Cited by 21 publications

(14 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Researchers in [18] find out that by using supervised machine learning algorithm support vector machine (SVM), the encrypted data packet in SCADA network running DNP3 protocol can be classified. Thus, a man-in-the-middle (MiTM) on communication link can capture as well as remove the encrypted DNP3 packet data that already selected by the SVM, this is due to the opening of the SCADA connection to the Heterogeneous networks.…”

Section: Vulnerability Issues Of Scada Systemmentioning

confidence: 99%

“…Thus, a man-in-the-middle (MiTM) on communication link can capture as well as remove the encrypted DNP3 packet data that already selected by the SVM, this is due to the opening of the SCADA connection to the Heterogeneous networks. Figure 1 illustrates the effect of SCADA network interconnection to external heterogeneous network as described by the above previous works [18].…”

Section: Vulnerability Issues Of Scada Systemmentioning

confidence: 99%

“…The researchers use the attack scenario with MiTM attacker that targets the IEC 104 protocol by changing the cause of transmission (COT) value to an invalid value. The work focuses on the MiTM type of attack for changing the (COT) value, however many other attack types are carried out by other research works, such as in [9] which uses DoS Attack on IEC 104 protocol, and in [18] which uses injection and dropping attack on DNP3 protocol, researchers in [21] conduct experiments on reconnaissance, injection, masquerading, replay, and flooding attack on DNP3 protocol. In this case, the dataset used by [11] is not suitable for the use in other attack scenarios.…”

Section: Dataset Issuementioning

confidence: 99%

“…The first vulnerability is at point A, where this point located in the area that having physical devices such as RTU device, HMI, and historian server as shown in Figure 3. MiTM attacker resides in the communication link can perform data dropping and change [18]. Besides, attack in the form of physical device attack most probably may happen in this point, since the attacker has already in the network that directly connects to the physical devices [7].…”

Section: Vulnerable Points On General Scada Topologymentioning

confidence: 99%

See 3 more Smart Citations

The trends of supervisory control and data acquisition security challenges in heterogeneous networks

Arifin

Susanto²,

Stiawan

et al. 2021

IJEECS

View full text Add to dashboard Cite

<p>Supervisory control and data acquisition (SCADA) has an important role in communication between devices in strategic industries such as power plant grid/network. Besides, the SCADA system is now open to any external heterogeneous networks to facilitate monitoring of industrial equipment, but this causes a new vulnerability in the SCADA network system. Any disruption on the SCADA system will give rise to a dangerous impact on industrial devices. Therefore, deep research and development of reliable intrusion detection system (IDS) for SCADA system/network is required. Via a thorough literature review, this paper firstly discusses current security issues of SCADA system and look closely benchmark dataset and SCADA security holes, followed by SCADA traffic anomaly recognition using artificial intelligence techniques and visual traffic monitoring system. Then, touches on the encryption technique suitable for the SCADA network. In the end, this paper gives the trend of SCADA IDS in the future and provides a proposed model to generate a reliable IDS, this model is proposed based on the investigation of previous researches. This paper focuses on SCADA systems that use IEC 60870-5-104 (IEC 104) protocol and distributed network protocol version 3 (DNP3) protocol as many SCADA systems use these two protocols.</p>

show abstract

Section: Vulnerability Issues Of Scada Systemmentioning

confidence: 99%

Section: Vulnerability Issues Of Scada Systemmentioning

confidence: 99%

Section: Dataset Issuementioning

confidence: 99%

Section: Vulnerable Points On General Scada Topologymentioning

confidence: 99%

See 2 more Smart Citations

The trends of supervisory control and data acquisition security challenges in heterogeneous networks

Arifin

Susanto²,

Stiawan

et al. 2021

IJEECS

View full text Add to dashboard Cite

show abstract

“…With regard to machine learning methods, de Toledo et al [19] developed a method that encrypts the traffic using the DNP3 protocol. This study used supervised algorithms to classify messages from the same protocol using datasets from the medium voltage of substations using simulation methods.…”

Section: Related Workmentioning

confidence: 99%

Toward an Applied Cyber Security Solution in IoT-Based Smart Grids: An Intrusion Detection System Approach

Yin

Liu

Nkenyereye

et al. 2019

Sensors

View full text Add to dashboard Cite

We present an innovative approach for a Cybersecurity Solution based on the Intrusion Detection System to detect malicious activity targeting the Distributed Network Protocol (DNP3) layers in the Supervisory Control and Data Acquisition (SCADA) systems. As Information and Communication Technology is connected to the grid, it is subjected to both physical and cyber-attacks because of the interaction between industrial control systems and the outside Internet environment using IoT technology. Often, cyber-attacks lead to multiple risks that affect infrastructure and business continuity; furthermore, in some cases, human beings are also affected. Because of the traditional peculiarities of process systems, such as insecure real-time protocols, end-to-end general-purpose ICT security mechanisms are not able to fully secure communication in SCADA systems. In this paper, we present a novel method based on the DNP3 vulnerability assessment and attack model in different layers, with feature selection using Machine Learning from parsed DNP3 protocol with additional data including malware samples. Moreover, we developed a cyber-attack algorithm that included a classification and visualization process. Finally, the results of the experimental implementation show that our proposed Cybersecurity Solution based on IDS was able to detect attacks in real time in an IoT-based Smart Grid communication environment.

show abstract

Industrial control protocols in the Internet core: Dismantling operational practices

2021

View full text Add to dashboard Cite

Industrial control systems (ICS) are managed remotely with the help of dedicated protocols that were originally designed to work in walled gardens. Many of these protocols have been adapted to Internet transport and support wide-area communication. ICS now exchange insecure traffic on an inter-domain level, putting at risk not only common critical infrastructure but also the Internet ecosystem (e.g., by DRDoS attacks). In this paper, we measure and analyze inter-domain ICS traffic at two central Internet vantage points, an IXP and an ISP. These traffic observations are correlated with data from honeypots and Internet-wide scans to separate industrial from non-industrial ICS traffic. We uncover mainly unprotected inter-domain ICS traffic and provide an in-depth view on Internet-wide ICS communication. Our results can be used (i) to create precise filters for potentially harmful non-industrial ICS traffic and (ii) to detect ICS sending unprotected inter-domain ICS traffic, being vulnerable to eavesdropping and traffic manipulation attacks. Additionally, we survey recent security extensions of ICS protocols, of which we find very little deployment. We estimate an upper bound of the deployment status for ICS security protocols in the Internet core.

show abstract

Encrypted DNP3 Traffic Classification Using Supervised Machine Learning Algorithms

Cited by 21 publications

References 12 publications

The trends of supervisory control and data acquisition security challenges in heterogeneous networks

The trends of supervisory control and data acquisition security challenges in heterogeneous networks

Toward an Applied Cyber Security Solution in IoT-Based Smart Grids: An Intrusion Detection System Approach

Industrial control protocols in the Internet core: Dismantling operational practices

Contact Info

Product

Resources

About