Abstract

Most Intrusion Detection Systems (IDS) used in Supervisory Control and Data Acquisition (SCADA) systems today focus on the cyber domain and ignore the process states in the physical domain of the plant. Attacks aimed at protocol traffic can be detected, but attacks aimed at the processes, such as Man-in-the-Middle (MITM) and replay attacks, are difficult to detect. We propose a scheme that works in both the cyber and the physical domain to detect these attacks. Validation of process states is used to detect malicious behavior and to prevent damage to physical components that can be caused by MITM, replay, and zero-day attacks. A nonparallel hyperplane based fuzzy classifier is presented to classify branching-shaped data sets, which are difficult to classify with the two parallel hyperplanes of a Support Vector Machine (SVM), in order to detect DoS (SYN flood) and other attacks in the cyber domain. Modbus/TCP traffic data are used to test the algorithm, simulated process states are used to test the validation part, and the performance of this hybrid scheme is excellent.

Highlights

  • Information Technology System (ITS) and Industrial Control System (ICS) networks differ in several respects: performance requirements, risk management requirements, communication, etc. [1]

  • The security of a Supervisory Control and Data Acquisition (SCADA) system includes the protection of the physical infrastructure and the controlled processes, communication protocols, asset management, and so on [2]; these are the key components of intelligent manufacturing and cannot be handled in the same way as their ITS counterparts

  • Application and discussion: at the supervisory level, a data set of 41 dimensions comprising 2200 samples is collected from a SCADA system, combining Modbus/TCP protocol data and traffic data

Summary

INTRODUCTION

Information Technology System (ITS) and Industrial Control System (ICS) networks differ in several respects: performance requirements, risk management requirements, communication, etc. [1]. The security of a SCADA system includes the protection of the physical infrastructure and the controlled processes, communication protocols, asset management, and so on [2]; these are the key components of intelligent manufacturing and cannot be handled in the same way as their ITS counterparts. These key components usually include computers, servers, network equipment, Remote Terminal Units (RTU), Programmable Logic Controllers (PLC), Distributed Control Systems (DCS), and supporting software such as the Human Machine Interface (HMI). By exploiting vulnerabilities in the protocols used in SCADA systems, the above attacks can tamper with the data exchanged between the sensors and the controllers and break the control logic of the process, which can drive the process out of control and result in physical damage.

PROBLEM FORMULATION AND PRELIMINARIES
VALIDATION OF THE PROCESS STATES FOR ANALOG VALUES
THE ANALYSIS OF TRAFFIC DATA IN SUPERVISORY LEVEL
CONSEQUENT PARAMETERS LEARNING
NONPARALLEL HYPERPLANE BASED FUZZY CLASSIFIER FOR TRAFFIC DATA
APPLICATION AND DISCUSSION
Findings
CONCLUSION