Research Article
Probability Risk Identification Based Intrusion Detection System for SCADA Systems
@INPROCEEDINGS{10.1007/978-3-319-90775-8_28, author={Thomas Marsden and Nour Moustafa and Elena Sitnikova and Gideon Creech}, title={Probability Risk Identification Based Intrusion Detection System for SCADA Systems}, proceedings={Mobile Networks and Management. 9th International Conference, MONAMI 2017, Melbourne, Australia, December 13-15, 2017, Proceedings}, proceedings_a={MONAMI}, year={2018}, month={5}, keywords={SCADA Security Network intrusion detection MODBUS TCP Probability risk identification}, doi={10.1007/978-3-319-90775-8_28} }- Thomas Marsden
Nour Moustafa
Elena Sitnikova
Gideon Creech
Year: 2018
Probability Risk Identification Based Intrusion Detection System for SCADA Systems
MONAMI
Springer
DOI: 10.1007/978-3-319-90775-8_28
Abstract
As Supervisory Control and Data Acquisition (SCADA) systems control several critical infrastructures, they have connected to the internet. Consequently, SCADA systems face different sophisticated types of cyber adversaries. This paper suggests a Probability Risk Identification based Intrusion Detection System (PRI-IDS) technique based on analysing network traffic of Modbus TCP/IP for identifying replay attacks. It is acknowledged that Modbus TCP is usually vulnerable due to its unauthenticated and unencrypted nature. Our technique is evaluated using a simulation environment by configuring a testbed, which is a custom SCADA network that is cheap, accurate and scalable. The testbed is exploited when testing the IDS by sending individual packets from an attacker located on the same LAN as the Modbus master and slave. The experimental results demonstrated that the proposed technique can effectively and efficiently recognise replay attacks.