Attacking and Defending DNP3 ICS/SCADA Systems

Attacking and Defending DNP3 ICS/SCADA Systems

  • Post by:
  • May 30, 2022
  • Comments off

Vasiliki Kelli, Panagiotis Radoglou-Grammatikis, Achilleas Sesis, Thomas Lagkas, Eleftherios Fountoukidis, Emmanouil Kafetzakis, Ioannis Giannoulakis, Panagiotis Sarigiannidis: Attacking and Defending DNP3 ICS/SCADA Systems. 2022 18th International Conference on Distributed Computing in Sensor Systems (DCOSS), 2022, ISBN: 978-1-6654-9512-7.

Abstract

The highly beneficial contribution of intelligent systems in the industrial domain is undeniable. Automation, supervision, remote control, and fault reduction are some of the various advantages new technologies offer. A protocol demonstrating high utility in industrial settings, and specifically, in smart grids, is Distributed Network Protocol 3 (DNP3), a multi-tier, application layer protocol. Notably, multiple industrial protocols are not as securely designed as expected, considering the highly critical operations occurring in their application domain. In this paper, we explore the internal vulnerabilities-by-design of DNP3, and proceed with the implementation of the attacks discovered, demonstrated through 8 DNP3 attack scenarios. Finally, we design and demonstrate a Deep Neural Network (DNN)-based, multi-model Intrusion Detection Systems (IDS), trained with our experimental network flow cyberattack dataset, and compare our solution with multiple machine learning algorithms used for classification. Our solution demonstrates a high efficiency in the classification of DNP3 cyberattacks, showing an accuracy of 99.0%.

BibTeX (Download)

@conference{9881726,
title = {Attacking and Defending DNP3 ICS/SCADA Systems},
author = {Vasiliki Kelli and Panagiotis Radoglou-Grammatikis and Achilleas Sesis and Thomas Lagkas and Eleftherios Fountoukidis and Emmanouil Kafetzakis and Ioannis Giannoulakis and Panagiotis Sarigiannidis},
doi = {10.1109/DCOSS54816.2022.00041},
isbn = {978-1-6654-9512-7},
year  = {2022},
date = {2022-05-30},
booktitle = {2022 18th International Conference on Distributed Computing in Sensor Systems (DCOSS)},
pages = {183-190},
abstract = {The highly beneficial contribution of intelligent systems in the industrial domain is undeniable. Automation, supervision, remote control, and fault reduction are some of the various advantages new technologies offer. A protocol demonstrating high utility in industrial settings, and specifically, in smart grids, is Distributed Network Protocol 3 (DNP3), a multi-tier, application layer protocol. Notably, multiple industrial protocols are not as securely designed as expected, considering the highly critical operations occurring in their application domain. In this paper, we explore the internal vulnerabilities-by-design of DNP3, and proceed with the implementation of the attacks discovered, demonstrated through 8 DNP3 attack scenarios. Finally, we design and demonstrate a Deep Neural Network (DNN)-based, multi-model Intrusion Detection Systems (IDS), trained with our experimental network flow cyberattack dataset, and compare our solution with multiple machine learning algorithms used for classification. Our solution demonstrates a high efficiency in the classification of DNP3 cyberattacks, showing an accuracy of 99.0%.},
keywords = {cyberattack, DNP3, ICS, Intrusion detection, SCADA},
pubstate = {published},
tppubtype = {conference}
}
Categories:
Skip to content