Abstract
Industrial control systems are widely used across the critical infrastructure sectors. Anomaly-based intrusion detection is an attractive approach for identifying potential attacks that leverage industrial control systems to target critical infrastructure assets. In order to analyze the performance of an anomaly-based intrusion detection system, extensive testing should be performed by considering variations of specific cyber threat scenarios, including victims, attack timing, traffic volume and transmitted contents. However, due to security concerns and the potential impact on operations, it is very difficult, if not impossible, to collect abnormal network traffic from real-world industrial control systems. This chapter addresses the problem by proposing a method for automatically generating a variety of anomalous test traffic based on cyber threat scenarios related to industrial control systems.
Copyright information
© 2018 IFIP International Federation for Information Processing
Cite this paper
Song, JY., Lee, W., Yun, JH., Park, H., Kim, SK., Choi, YJ. (2018). Generating Abnormal Industrial Control Network Traffic for Intrusion Detection System Testing. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XII. ICCIP 2018. IFIP Advances in Information and Communication Technology, vol 542. Springer, Cham. https://doi.org/10.1007/978-3-030-04537-1_14
DOI: https://doi.org/10.1007/978-3-030-04537-1_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04536-4
Online ISBN: 978-3-030-04537-1
eBook Packages: Computer Science (R0)