Title :
Intrusion Detection System for IEC 60870-5-104 based SCADA networks
Author :
Yang, Yi ; McLaughlin, Keiran ; Littler, Tim ; Sezer, Sakir ; Pranggono, Bernardi ; Wang, H.F.
Author_Institution :
Electron., Electr. Eng. & Comput. Sci., Queen´s Univ. Belfast, Belfast, UK
Abstract :
Increased complexity and interconnectivity of Supervisory Control and Data Acquisition (SCADA) systems in Smart Grids potentially means greater susceptibility to malicious attackers. SCADA systems with legacy communication infrastructure have inherent cyber-security vulnerabilities as these systems were originally designed with little consideration of cyber threats. In order to improve cyber-security of SCADA networks, this paper presents a rule-based Intrusion Detection System (IDS) using a Deep Packet Inspection (DPI) method, which includes signature-based and model-based approaches tailored for SCADA systems. The proposed signature-based rules can accurately detect several known suspicious or malicious attacks. In addition, model-based detection is proposed as a complementary method to detect unknown attacks. Finally, proposed intrusion detection approaches for SCADA networks are implemented and verified via Snort rules.
Keywords :
SCADA systems; power system security; protocols; safety systems; smart power grids; DPI method; IDS; IEC 60870-5-104; SCADA systems; Snort rules; cyber security vulnerabilities; cyber threats; deep packet inspection method; legacy communication infrastructure; malicious attackers; model-based detection; rule-based intrusion detection system; signature-based approaches; smart grids; supervisory control and data acquisition systems; unknown attacks; IEC standards; Intrusion detection; Protocols; SCADA systems; Servers; Cyber-security; IEC 60870-5-104; Intrusion detection system; SCADA;
Conference_Titel :
Power and Energy Society General Meeting (PES), 2013 IEEE
Conference_Location :
Vancouver, BC
DOI :
10.1109/PESMG.2013.6672100
