Secure Model against APT in m-Connected SCADA Network

Kim, Si-Jung; Cho, Do-Eun; Yeo, Sang-Soo

doi:10.1155/2014/594652

Cited by 9 publications

(15 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Among others, protocols such as SSH, SSL, IPSec, and TLS offer end-to-end security solutions, in addition to crypto-protocol encryption systems [23,24]. Further research oriented towards the security of the application layer [25] focusing on data integrity and authentication procedures was developed with the aim of providing solutions for known attacks such as modification, spoofing, and flooding [26]. Nevertheless, a certain number of limitations was revealed resulting from mechanisms defined in the DNP3 protocol—in particular, embedded security mechanisms [27].…”

Section: Related Workmentioning

confidence: 99%

Toward an Applied Cyber Security Solution in IoT-Based Smart Grids: An Intrusion Detection System Approach

Yin

Liu

Nkenyereye

et al. 2019

Sensors

View full text Add to dashboard Cite

We present an innovative approach for a Cybersecurity Solution based on the Intrusion Detection System to detect malicious activity targeting the Distributed Network Protocol (DNP3) layers in the Supervisory Control and Data Acquisition (SCADA) systems. As Information and Communication Technology is connected to the grid, it is subjected to both physical and cyber-attacks because of the interaction between industrial control systems and the outside Internet environment using IoT technology. Often, cyber-attacks lead to multiple risks that affect infrastructure and business continuity; furthermore, in some cases, human beings are also affected. Because of the traditional peculiarities of process systems, such as insecure real-time protocols, end-to-end general-purpose ICT security mechanisms are not able to fully secure communication in SCADA systems. In this paper, we present a novel method based on the DNP3 vulnerability assessment and attack model in different layers, with feature selection using Machine Learning from parsed DNP3 protocol with additional data including malware samples. Moreover, we developed a cyber-attack algorithm that included a classification and visualization process. Finally, the results of the experimental implementation show that our proposed Cybersecurity Solution based on IDS was able to detect attacks in real time in an IoT-based Smart Grid communication environment.

show abstract

Section: Related Workmentioning

confidence: 99%

Toward an Applied Cyber Security Solution in IoT-Based Smart Grids: An Intrusion Detection System Approach

Yin

Liu

Nkenyereye

et al. 2019

Sensors

View full text Add to dashboard Cite

show abstract

“…The risks associated with one ICS system include its inherent vulnerabilities and features [18] that could be used by outsiders, often with the help of a violated client or server. A violated client can be used to manipulate the control devices and damage the controlled objects.…”

Section: Risks To Be Identifiedmentioning

confidence: 99%

Identification of ICS Security Risks toward the Analysis of Packet Interaction Characteristics Using State Sequence Matching Based on SF-FSM

Xu¹,

Dai²

2017

Security and Communication Networks

View full text Add to dashboard Cite

This paper discusses two aspects of major risks related to the cyber security of an industrial control system (ICS), including the exploitation of the vulnerabilities of legitimate communication parties and the features abused by unauthorized parties. We propose a novel framework for exposing the above two types of risks. A state fusion finite state machine (SF-FSM) model is defined to describe multiple request-response packet pair sequence signatures of various applications using the same protocol. An inverted index of keywords in an industrial protocol is also proposed to accomplish fast state sequence matching. Then we put forward the concept of scenario reconstruction, using state sequence matching based on SF-FSM, to present the known vulnerabilities corresponding to applications of a specific type and version by identifying the packet interaction characteristics from the data flow in the supervisory control layer network. We also implement an anomaly detection approach to identifying illegal access using state sequence matching based on SF-FSM. An anomaly is asserted if none of the state sequence signatures in the SF-FSM is matched with a packet flow. Ultimately, an example based on industrial protocols is demonstrated by a prototype system to validate the methods of scenario reconstruction and anomaly detection.

show abstract

“…These organizations and other researchers have developed several security solutions and protocols to guard against cyber-security issues, and the cryptography-based security mechanisms have been selected as the “best” security approaches for secure SCADA communications [ 26 , 30 , 31 , 32 , 33 , 34 , 35 , 36 , 37 , 38 , 39 , 40 , 41 , 42 ]. As a consequence, the DNP3 users group defined and described the cryptography approaches, such as the asymmetric and symmetric methods, to enhance the security of the DNP3 protocol; therefore, the details of several cryptography algorithms are available along with the information regarding their security parameters [ 43 , 44 , 45 , 46 , 47 , 48 , 49 , 50 , 51 , 52 , 53 , 54 , 55 , 56 , 57 ]. The main parameters such as integrity and authentication reportedly ensure and secure communication at an application level by employing a challenge-response mechanism and are significant in their protection against spoofing, modification, and replay attacks [ 8 , 58 ].…”

Section: Problem Statementmentioning

confidence: 99%

“…Supreme security protocols and/or solutions, such as secure sockets-layer (SSL)/transport-layer security (TLS), Internet protocol security (IPSec), secure shell (SSH), and key agreements and management, among others [ 43 , 44 , 45 , 46 , 47 , 48 ], have been deployed within traditional network systems and/or SCADA systems; however, these solutions have several limitations due to the protocol dependency, an end-to-end-security focus, and a reliance upon the other cryptography protocols for security [ 5 , 14 , 49 , 50 ]. An actual security enhancement was made to conquer the security issues that usually reside in the transmissions of the SCADA system; in this enhancement, the DNP3 protocol is considered, and encryption and authentication mechanisms that modify the original frame of the DNP3 protocol are employed.…”

Section: Problem Statementmentioning

confidence: 99%

Design and Development of Layered Security: Future Enhancements and Directions in Transmission

Shahzad

Lee

Kim

et al. 2016

Sensors

View full text Add to dashboard Cite

Today, security is a prominent issue when any type of communication is being undertaken. Like traditional networks, supervisory control and data acquisition (SCADA) systems suffer from a number of vulnerabilities. Numerous end-to-end security mechanisms have been proposed for the resolution of SCADA-system security issues, but due to insecure real-time protocol use and the reliance upon open protocols during Internet-based communication, these SCADA systems can still be compromised by security challenges. This study reviews the security challenges and issues that are commonly raised during SCADA/protocol transmissions and proposes a secure distributed-network protocol version 3 (DNP3) design, and the implementation of the security solution using a cryptography mechanism. Due to the insecurities found within SCADA protocols, the new development consists of a DNP3 protocol that has been designed as a part of the SCADA system, and the cryptographically derived security is deployed within the application layer as a part of the DNP3 stack.

show abstract

Secure Model against APT in m-Connected SCADA Network

Cited by 9 publications

References 9 publications

Toward an Applied Cyber Security Solution in IoT-Based Smart Grids: An Intrusion Detection System Approach

Toward an Applied Cyber Security Solution in IoT-Based Smart Grids: An Intrusion Detection System Approach

Identification of ICS Security Risks toward the Analysis of Packet Interaction Characteristics Using State Sequence Matching Based on SF-FSM

Design and Development of Layered Security: Future Enhancements and Directions in Transmission

Contact Info

Product

Resources

About