Intrusion Detection on ICS and SCADA Networks

  • Marian Gaiceanu
  • Marilena Stanculescu
  • Paul Cristian Andrei
  • Vasile Solcanu
  • Theodora Gaiceanu
  • Horia Andrei
Part of the Studies in Systems, Decision and Control book series (SSDC, volume 255)


Recent attacks on Industrial Control Systems (ICS) have exposed the vulnerabilities of existing ICSs. One urgent solution is to detect anomalies and defend the ICS/SCADA systems. On-line and off-line intrusion detection solutions are currently available in the technical literature. In this chapter, the authors present a Defence-in-Depth architecture with a demilitarized zone, based on the security standards. The use of machine learning for intrusion detection in ICS and SCADA networks is emphasized and implemented. Existing security tools are also reviewed, and a comparative analysis is provided. To extend the availability of the missing non-anomalous data, a forecasting model of energy consumption is built, and the results obtained are presented. Existing intrusion detection algorithms are studied; some of them are implemented in dedicated software, and the results obtained are provided. The chapter closes with several case studies of the machine learning approach to intrusion detection, together with the numerical results obtained.


Intrusion detection, Industrial control systems, SCADA, Machine learning, Algorithms, Optimization



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Marian Gaiceanu (1)
  • Marilena Stanculescu (2)
  • Paul Cristian Andrei (2)
  • Vasile Solcanu (3)
  • Theodora Gaiceanu (4)
  • Horia Andrei (5)

  1. Department of Control Systems and Electrical Engineering, Dunarea de Jos University of Galati, Galati, Romania
  2. Department of Electrical Engineering, University Politehnica Bucharest, Bucharest, Romania
  3. Dunarea de Jos University of Galati, Galati, Romania
  4. Gheorghe Asachi Technical University of Iasi, Iasi, Romania
  5. SM-IEEE, Bucharest, Romania
