Abstract
Recent attacks on Industrial Control Systems (ICS) show the vulnerabilities of existing ICSs. One urgent solution is to detect anomalies and to defend ICS/SCADA systems. Currently, online and offline intrusion detection solutions are described in the specialized technical literature. In this chapter, the authors provide a Defence-in-Depth architecture with a demilitarized zone, based on the security standards. The use of machine learning for intrusion detection in ICS and SCADA networks is emphasized and implemented in this chapter. The existing security tools are also considered and a comparative analysis is provided. To extend the availability of the missing non-anomalous data, a forecasting model of energy consumption is built, and the obtained results are presented in the chapter. The existing intrusion detection algorithms are studied; some of them are implemented with specific software, and the obtained results are provided. At the end of the chapter, different case studies of the machine learning approach to intrusion detection are introduced, together with the obtained numerical results.
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Gaiceanu, M., Stanculescu, M., Andrei, P.C., Solcanu, V., Gaiceanu, T., Andrei, H. (2020). Intrusion Detection on ICS and SCADA Networks. In: Pricop, E., Fattahi, J., Dutta, N., Ibrahim, M. (eds) Recent Developments on Industrial Control Systems Resilience. Studies in Systems, Decision and Control, vol 255. Springer, Cham. https://doi.org/10.1007/978-3-030-31328-9_10
DOI: https://doi.org/10.1007/978-3-030-31328-9_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-31327-2
Online ISBN: 978-3-030-31328-9
eBook Packages: Intelligent Technologies and Robotics (R0)