DIDEROT: An intrusion detection and prevention system for DNP3-based SCADA systems

DIDEROT: An intrusion detection and prevention system for DNP3-based SCADA systems

  • Post by:
  • Ιανουάριος 1, 2020
  • Comments off

P. Radoglou-Grammatikis, P. Sarigiannidis, G. Efstathopoulos, P.-A. Karypidis, A. Sarigiannidis: DIDEROT: An intrusion detection and prevention system for DNP3-based SCADA systems. 2020.

Περίληψη

In this paper, an Intrusion Detection and Prevention System (IDPS) for the Distributed Network Protocol 3 (DNP3) Supervisory Control and Data Acquisition (SCADA) systems is presented. The proposed IDPS is called DIDEROT (Dnp3 Intrusion DetEction pReventiOn sysTem) and relies on both supervised Machine Learning (ML) and unsupervised/outlier ML detection models capable of discriminating whether a DNP3 network flow is related to a particular DNP3 cyberattack or anomaly. First, the supervised ML detection model is applied, trying to identify whether a DNP3 network flow is related to a specific DNP3 cyberattack. If the corresponding network flow is detected as normal, then the unsupervised/outlier ML anomaly detection model is activated, seeking to recognise the presence of a possible anomaly. Based on the DIDEROT detection results, the Software Defined Networking (SDN) technology is adopted in order to mitigate timely the corresponding DNP3 cyberattacks and anomalies. The performance of DIDEROT is demonstrated using real data originating from a substation environment. © 2020 ACM.

BibTeX (Download)

@conference{Radoglou-Grammatikis2020b,
title = {DIDEROT: An intrusion detection and prevention system for DNP3-based SCADA systems},
author = { P. Radoglou-Grammatikis and P. Sarigiannidis and G. Efstathopoulos and P.-A. Karypidis and A. Sarigiannidis},
url = {https://www.researchgate.net/publication/343853580_DIDEROT_an_intrusion_detection_and_prevention_system_for_DNP3-based_SCADA_systems},
doi = {10.1145/3407023.3409314},
year  = {2020},
date = {2020-01-01},
journal = {ACM International Conference Proceeding Series},
abstract = {In this paper, an Intrusion Detection and Prevention System (IDPS) for the Distributed Network Protocol 3 (DNP3) Supervisory Control and Data Acquisition (SCADA) systems is presented. The proposed IDPS is called DIDEROT (Dnp3 Intrusion DetEction pReventiOn sysTem) and relies on both supervised Machine Learning (ML) and unsupervised/outlier ML detection models capable of discriminating whether a DNP3 network flow is related to a particular DNP3 cyberattack or anomaly. First, the supervised ML detection model is applied, trying to identify whether a DNP3 network flow is related to a specific DNP3 cyberattack. If the corresponding network flow is detected as normal, then the unsupervised/outlier ML anomaly detection model is activated, seeking to recognise the presence of a possible anomaly. Based on the DIDEROT detection results, the Software Defined Networking (SDN) technology is adopted in order to mitigate timely the corresponding DNP3 cyberattacks and anomalies. The performance of DIDEROT is demonstrated using real data originating from a substation environment. © 2020 ACM.},
keywords = {Anomaly Detection, Autonencoder, Intrusion detection, machine learning, SCADA, SDN, Smart Grid},
pubstate = {published},
tppubtype = {conference}
}
Κατηγορία
Μετάβαση στο περιεχόμενο