Title :
On SCADA control system command and response injection and intrusion detection
Author :
Gao, Wei ; Morris, Thomas ; Reaves, Bradley ; Richey, Drew
Author_Institution :
Dept. of Electr. & Comput. Eng., Mississippi State Univ., Starkville, MS, USA
Abstract :
SCADA systems are widely used in critical infrastructure sectors, including electricity generation and distribution, oil and gas production and distribution, and water treatment and distribution. SCADA process control systems are typically isolated from the internet via firewalls. However, they may still be subject to illicit cyber penetrations and may be subject to cyber threats from disgruntled insiders. We have developed a set of command injection, data injection, and denial of service attacks which leverage the lack of authentication in many common control system communication protocols including MODBUS, DNP3, and EtherNET/IP. We used these exploits to aid in development of a neural network based intrusion detection system which monitors control system physical behavior to detect artifacts of command and response injection attacks. Finally, we present intrusion detection accuracy results for our neural network based IDS which includes input features derived from physical properties of the control system.
Keywords :
SCADA systems; authorisation; computer crime; critical infrastructures; neural nets; DNP3; EtherNET/IP; Internet; MODBUS; SCADA control system; control system communication protocol; critical infrastructure sector; cyber threat; data injection; denial of service attack; electricity generation; firewall; intrusion detection; neural network; oil and gas production; water distribution; water treatment; Chemicals; Ethernet networks; IP networks; Monitoring; Protocols; Registers; Security; SCADA control system; cyber security; intrusion detection;
Conference_Titel :
eCrime Researchers Summit (eCrime), 2010
Conference_Location :
Dallas, TX
Print_ISBN :
978-1-4244-7760-9
DOI :
10.1109/ecrime.2010.5706699
