Abstract
Malware and attacks against industrial control systems (ICS) are becoming more advanced and intelligent. The security risk to ICS is increasing, and protecting the cyber safety of ICS from these threats is becoming more important. Recent ICS use not only serial communication protocols but also Ethernet-based control protocols. Malware attacking ICS imitates the corresponding control protocol to insert malicious code into the communication payload, or imitates normal control packets to issue malicious commands or disable control devices. Several presentations have also described possible scenarios of various cyber attacks targeting ICS. However, current IDS/IPS for ICS detect attacks with blacklist-based technology and therefore cannot detect attacks that use new techniques. To address this problem, recent studies have examined whitelist-based attack detection for practical application to ICS. However, these studies build the whitelist from IP addresses, service port numbers and similar information, so they cannot detect attacks that exhibit a replay pattern or that change only the data value inside an otherwise normal command. This study proposes a technique that detects replay-pattern attacks against ICS by combining whitelist-based detection with machine learning trained on control traffic, and applies the results to actual detection.
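As an added illustration (not code from the paper or its authors), the following Python models the gap the abstract describes: a whitelist keyed only on source address, destination address and port, beside a baseline learned from normal control traffic that also checks each command's value range and repetition rate. The hosts, the port, the register number, the setpoint values and the simplified packet format are all constructed for the example, and the learned baseline is a plain statistical profile standing in for the paper's machine-learning component, not the authors' method.

```python
"""Added illustration, not the paper's code: an IP/port flow whitelist beside a
baseline learned from normal control traffic. All hosts, the port, the register
and the values are constructed; packets are simplified dicts, not real frames."""
from typing import Dict, List, Tuple

FlowKey = Tuple[str, str, int]   # (src, dst, dport)
CmdKey = Tuple[str, int]         # (function, register)


def make_normal(start_ts: int, count: int) -> List[dict]:
    """Constructed normal traffic: an HMI writes one setpoint register on a PLC
    once a second; the value cycles through 50..70."""
    return [
        {"ts": float(start_ts + i), "src": "192.168.1.10", "dst": "192.168.1.20",
         "dport": 502, "func": "write_register", "reg": 40001,
         "value": 50 + (5 * (start_ts + i)) % 21}
        for i in range(count)
    ]


class FlowWhitelist:
    """Whitelist on (src, dst, dport) only: the approach the abstract says
    cannot see replays or value-only changes."""

    def __init__(self, training: List[dict]):
        self.allowed = {(p["src"], p["dst"], p["dport"]) for p in training}

    def detect(self, stream: List[dict]) -> List[bool]:
        return [(p["src"], p["dst"], p["dport"]) not in self.allowed for p in stream]


class PayloadBaseline:
    """Learns, from normal traffic, the value range of every (function, register)
    command and the shortest gap between packets on each flow. Flags unknown
    commands, out-of-range values, and the same command repeated on a flow
    faster than was ever observed in training (a replay burst)."""

    def __init__(self, training: List[dict]):
        self.value_range: Dict[CmdKey, Tuple[int, int]] = {}
        self.min_gap: Dict[FlowKey, float] = {}
        last_ts: Dict[FlowKey, float] = {}
        for p in sorted(training, key=lambda p: p["ts"]):
            ck, fk = (p["func"], p["reg"]), (p["src"], p["dst"], p["dport"])
            lo, hi = self.value_range.get(ck, (p["value"], p["value"]))
            self.value_range[ck] = (min(lo, p["value"]), max(hi, p["value"]))
            if fk in last_ts:
                gap = p["ts"] - last_ts[fk]
                self.min_gap[fk] = min(self.min_gap.get(fk, gap), gap)
            last_ts[fk] = p["ts"]

    def detect(self, stream: List[dict]) -> List[bool]:
        verdicts = []
        last_payload: Dict[FlowKey, Tuple[tuple, float]] = {}
        for p in stream:
            ck, fk = (p["func"], p["reg"]), (p["src"], p["dst"], p["dport"])
            payload = (p["func"], p["reg"], p["value"])
            lo, hi = self.value_range.get(ck, (None, None))
            # Unknown command, or a valid header carrying a tampered value.
            anomalous = lo is None or not lo <= p["value"] <= hi
            prev = last_payload.get(fk)
            # Identical command on the same flow sooner than ever seen in training;
            # this only compares with the immediately preceding packet on that flow.
            if prev and prev[0] == payload and p["ts"] - prev[1] < self.min_gap.get(fk, 0.0):
                anomalous = True
            last_payload[fk] = (payload, p["ts"])
            verdicts.append(anomalous)
        return verdicts


def run_scenario() -> dict:
    """Trains both detectors on constructed normal traffic and runs them over a
    held-out normal segment, a replay burst and a value-tampering packet."""
    training = make_normal(0, 60)
    holdout = make_normal(60, 30)
    captured = dict(training[10])
    # Constructed replay: the captured packet re-sent five times in half a second.
    replay = [dict(captured, ts=100.0 + 0.1 * k) for k in range(5)]
    # Constructed tampering: same flow and command, setpoint far outside range.
    tampered = [dict(captured, ts=101.0, value=250)]
    stream = holdout + replay + tampered
    flow = FlowWhitelist(training).detect(stream)
    base = PayloadBaseline(training).detect(stream)
    n = len(holdout)
    return {
        "flow_alerts": sum(flow),
        "baseline_alerts": sum(base),
        "baseline_false_positives": sum(base[:n]),
        "replay_verdicts": base[n:n + 5],
        "tamper_verdicts": base[n + 5:],
    }


if __name__ == "__main__":
    print(run_scenario())
```

Both attack streams come from the whitelisted HMI-to-PLC flow, so the flow whitelist raises nothing. The learned baseline raises nothing on the held-out normal traffic, catches the tampered value through the per-command range, and catches the replay burst through the repetition rate; the first replayed packet, an in-range value arriving at a normal interval, passes, which is the honest limit of a timing-and-range profile and the reason the abstract pairs the whitelist with a model of the traffic rather than replacing one with the other.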
Acknowledgement
This research was supported by the Research Program of the Korea Institute of Energy Technology Evaluation and Planning (KETEP) of Korea (No. 20162220200010) and by the Soonchunhyang University Research Fund.
© 2019 Springer Nature Switzerland AG
Cite this paper
Hong, KS., Kim, HB., Kim, DH., Seo, JT. (2019). Detection of Replay Attack Traffic in ICS Network. In: Lee, R. (eds) Applied Computing and Information Technology. ACIT 2018. Studies in Computational Intelligence, vol 788. Springer, Cham. https://doi.org/10.1007/978-3-319-98370-7_10
DOI: https://doi.org/10.1007/978-3-319-98370-7_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-98369-1
Online ISBN: 978-3-319-98370-7
eBook Packages: Intelligent Technologies and Robotics (R0)