Network Intrusion Detection based on Deep Neural Networks for the SCADA system

Abstract

Security monitoring is one of the security strategies for the supervisory control and data acquisition (SCADA) systems, and the intrusion detection system (IDS) is a main tool to do security monitoring. Main task of security monitoring is to develop the SCADA-specific IDS, which reflects the semantics of the SCADA domain. In this paper, we work on developing IDS based on deep learning models for the SCADA system. The target SCADA communication protocol of the detection model is the DNP3, which is currently the most commonly utilized communication protocol in the power substation. The attack of major concern is data injection or modification attacks, which is most critical attack in the SCADA system. We extract 12 data features from distributed network protocol 3 (DNP3) packets, and use them to train the deep neural network. We measure the accuracy and loss of the detection system trained based on different deep learning algorithms, and show the comparison of the results.