585 research outputs found
SCADA System Testbed for Cybersecurity Research Using Machine Learning Approach
This paper presents the development of a Supervisory Control and Data
Acquisition (SCADA) system testbed used for cybersecurity research. The testbed
consists of a water storage tank's control system, which is a stage in the
process of water treatment and distribution. Sophisticated cyber-attacks were
conducted against the testbed. During the attacks, the network traffic was
captured, and features were extracted from the traffic to build a dataset for
training and testing different machine learning algorithms. Five traditional
machine learning algorithms were trained to detect the attacks: Random Forest,
Decision Tree, Logistic Regression, Naive Bayes and KNN. Then, the trained
machine learning models were built and deployed in the network, where new tests
were made using online network traffic. The performance obtained during the
training and testing of the machine learning models was compared to the
performance obtained during the online deployment of these models in the
network. The results show the efficiency of the machine learning models in
detecting the attacks in real time. The testbed provides a good understanding
of the effects and consequences of attacks on real SCADA environmentsComment: E-Preprin
Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability
Recommended from our members
LAYING THE FOUNDATION FOR A MINIATUAIRZED SCADA TESTBED TO BE BUILT AT CSUSB
This culminating experience sought to lay the foundation for a miniaturized physical SCADA testbed to be built at California State University San Bernardino to enable students to apply the cybersecurity knowledge, skills and abilities in a fun and engaging environment while learning about what SCADA is, how it works, and how to improve the security of it. This project was conducted in response to a growing trend of cybersecurity attacks that have targeted our critical infrastructure systems through SCADA systems which are legacy systems that manage critical infrastructure systems within the past 10 years. Since SCADA systems require constant availability, it makes it hard to test the security of these devices which is why testbeds have been designed to analyze how a cyber-attack affects these systems in a safe environment. To build a SCADA testbed at CSUSB this project designed a requirements documentation based on the following questions so that the next person that wants to accomplish this task can take the requirements outlined and build a miniaturized physical SCADA testbed. To craft the appropriate requirements documentation this project aimed to answer the following questions: Q1. How can a miniaturized SCADA testbed be built for a school environment using open-source architecture? Q2. What critical infrastructure sectors can be easily implemented into a physical SCADA testbed? Q3. Which cyber-attacks can be easily replicable in a SCADA scenario-based environment? Q4. How should SCADA scenarios be modeled for an implementation into this testbed? To answer these questions, research was conducted utilizing scholarly articles on currently available SCADA testbeds, conducted interviews with individuals that have built SCADA testbeds, and distributed a survey to different SCADA professionals to build a requirement documentation for the miniaturized SCADA testbed, which included functional and nonfunctional requirements, use case diagrams and detailed use cases. After gathering the data from 3 different interviews with SCADA professionals and aggregating responses of the surveys we crafted a requirements documentation which includes a requirements documentation, detailed use cases, use case diagrams, and a classes and relationship chart so that the next individual who works on this project can use these ideas and begin construction of a miniaturized SCADA testbed at CSUSB
A Survey on Industrial Control System Testbeds and Datasets for Security Research
The increasing digitization and interconnection of legacy Industrial Control
Systems (ICSs) open new vulnerability surfaces, exposing such systems to
malicious attackers. Furthermore, since ICSs are often employed in critical
infrastructures (e.g., nuclear plants) and manufacturing companies (e.g.,
chemical industries), attacks can lead to devastating physical damages. In
dealing with this security requirement, the research community focuses on
developing new security mechanisms such as Intrusion Detection Systems (IDSs),
facilitated by leveraging modern machine learning techniques. However, these
algorithms require a testing platform and a considerable amount of data to be
trained and tested accurately. To satisfy this prerequisite, Academia,
Industry, and Government are increasingly proposing testbed (i.e., scaled-down
versions of ICSs or simulations) to test the performances of the IDSs.
Furthermore, to enable researchers to cross-validate security systems (e.g.,
security-by-design concepts or anomaly detectors), several datasets have been
collected from testbeds and shared with the community. In this paper, we
provide a deep and comprehensive overview of ICSs, presenting the architecture
design, the employed devices, and the security protocols implemented. We then
collect, compare, and describe testbeds and datasets in the literature,
highlighting key challenges and design guidelines to keep in mind in the design
phases. Furthermore, we enrich our work by reporting the best performing IDS
algorithms tested on every dataset to create a baseline in state of the art for
this field. Finally, driven by knowledge accumulated during this survey's
development, we report advice and good practices on the development, the
choice, and the utilization of testbeds, datasets, and IDSs
On specification-based cyber-attack detection in smart grids
The transformation of power grids into intelligent cyber-physical systems brings numerous benefits, but also significantly increases the surface for cyber-attacks, demanding appropriate countermeasures. However, the development, validation, and testing of data-driven countermeasures against cyber-attacks, such as machine learning-based detection approaches, lack important data from real-world cyber incidents. Unlike attack data from real-world cyber incidents, infrastructure knowledge and standards are accessible through expert and domain knowledge. Our proposed approach uses domain knowledge to define the behavior of a smart grid under non-attack conditions and detect attack patterns and anomalies. Using a graph-based specification formalism, we combine cross-domain knowledge that enables the generation of whitelisting rules not only for statically defined protocol fields but also for communication flows and technical operation boundaries. Finally, we evaluate our specification-based intrusion detection system against various attack scenarios and assess detection quality and performance. In particular, we investigate a data manipulation attack in a future-orientated use case of an IEC 60870-based SCADA system that controls distributed energy resources in the distribution grid. Our approach can detect severe data manipulation attacks with high accuracy in a timely and reliable manner
KYPO4INDUSTRY: A Testbed for Teaching Cybersecurity of Industrial Control Systems
There are different requirements on cybersecurity of industrial control systems and information technology systems. This fact exacerbates the global issue of hiring cybersecurity employees with relevant skills. In this paper, we present KYPO4INDUSTRY training facility and a course syllabus for beginner and intermediate computer science students to learn cybersecurity in a simulated industrial environment. The training facility is built using open-source hardware and software and provides reconfigurable modules of industrial control systems. The course uses a flipped classroom format with hands-on projects: the students create educational games that replicate real cyber attacks. Throughout the semester, they learn to understand the risks and gain capabilities to respond to cyber attacks that target industrial control systems. Our described experience from the design of the testbed and its usage can help any educator interested in teaching cybersecurity of cyber-physical systems
Machine Learning Based Network Vulnerability Analysis of Industrial Internet of Things
It is critical to secure the Industrial Internet of Things (IIoT) devices
because of potentially devastating consequences in case of an attack. Machine
learning and big data analytics are the two powerful leverages for analyzing
and securing the Internet of Things (IoT) technology. By extension, these
techniques can help improve the security of the IIoT systems as well. In this
paper, we first present common IIoT protocols and their associated
vulnerabilities. Then, we run a cyber-vulnerability assessment and discuss the
utilization of machine learning in countering these susceptibilities. Following
that, a literature review of the available intrusion detection solutions using
machine learning models is presented. Finally, we discuss our case study, which
includes details of a real-world testbed that we have built to conduct
cyber-attacks and to design an intrusion detection system (IDS). We deploy
backdoor, command injection, and Structured Query Language (SQL) injection
attacks against the system and demonstrate how a machine learning based anomaly
detection system can perform well in detecting these attacks. We have evaluated
the performance through representative metrics to have a fair point of view on
the effectiveness of the methods
Development of smart grid testbed with low-cost hardware and software for cybersecurity research and education
Smart Grid, also known as the next generation of the power grid, is considered as a power infrastructure with advanced information and communication technologies (ICT) that will enhance the efficiency and reliability of power systems. For the essential benefits that come with Smart Grid, there are also security risks due to the complexity of advanced ICT utilized in the architecture of Smart Grid to interconnect a huge number of devices and subsystems. Cybersecurity is one of the emerging major threats in Smart Grid that needs to be considered as the attack surface increased. To prevent cyber-attacks, new techniques and methods need to be evaluated in a real-world environment or in a testbed. However, the costs for setting-up Smart Grid testbed is extensive. In this article, we focused on the development of a smart grid testbed with a low-cost hardware and software for cybersecurity research and education. As a case study, we evaluated the testbed with most common cyber-attack such as denial of service (DoS) attack. In addition, the testbed is a useful resource for cybersecurity research and education on different aspects of SCADA systems such as protocol implementation, and PLC programming
A Systematic Review of the State of Cyber-Security in Water Systems
Critical infrastructure systems are evolving from isolated bespoke systems to those that use general-purpose computing hosts, IoT sensors, edge computing, wireless networks and artificial intelligence. Although this move improves sensing and control capacity and gives better integration with business requirements, it also increases the scope for attack from malicious entities that intend to conduct industrial espionage and sabotage against these systems. In this paper, we review the state of the cyber-security research that is focused on improving the security of the water supply and wastewater collection and treatment systems that form part of the critical national infrastructure. We cover the publication statistics of the research in this area, the aspects of security being addressed, and future work required to achieve better cyber-security for water systems
A Review of Testbeds on SCADA Systems with Malware Analysis
Supervisory control and data acquisition (SCADA) systems are among the major types of Industrial Control Systems (ICS) and are responsible for monitoring and controlling essential infrastructures such as power generation, water treatment, and transportation. Very common and with high added-value, these systems have malware as one of their main threats, and due to their characteristics, it is practically impossible to test the security of a system without compromising it, requiring simulated test platforms to verify their cyber resilience. This review will discuss the most recent studies on ICS testbeds with a focus on cybersecurity and malware impact analysis
- …