Analysis and Report on Intrusion Detection in SCADA Systems


Added on  2020/07/23

Intrusion Detection on SCADA
Abstract
Supervisory Control and Data Acquisition (SCADA) systems are responsible for managing and
controlling systems in various sectors, both economic and industrial. Until recently these SCADA
systems were isolated from other networks, but their exposure has grown because of Internet
connections. Among the various existing datasets, two were specially introduced to support
intrusion detection systems; the network traffic was captured on a gas pipeline SCADA system.
This report will use a new SCADA system to monitor and control industrial control systems in
many industrial and economic sectors. Whenever a new system is introduced, various types of
threats are common, and the same holds here: this new-found connectivity has raised security
concerns. This thesis can serve as a primary contribution to researchers and to industry. Two
datasets have been introduced for the SCADA system in order to support the intrusion detection
system, and the network traffic captured on the gas pipeline has been included in the dataset.
IDS researchers lack a common framework in which to train and test proposed algorithms; the
researchers at the IDS lab were lacking a framework for training and testing the proposed
algorithms. These factors have led to an inability to make a sound comparison between the limits
of the literature and the research progress. A contribution has been made to industry and to
research as well.
Table of Contents
Abstract...........................................................................................................................................2
INTRODUCTION...........................................................................................................................1
Background.................................................................................................................................1
Research Contributions..............................................................................................................3
Organisation................................................................................................................................4
Literature review..............................................................................................................................5
SCADA System Threats.............................................................................................................5
Detection of Intrusion ................................................................................................................7
SCADA Datasets and test beds................................................................................................10
Project Methodology......................................................................................................................11
ARFF dataset.............................................................................................................................13
Outcome.........................................................................................................................................23
Dataset Validation.....................................................................................................................23
Discussion .....................................................................................................................................29
Raw Dataset..............................................................................................................................30
CONCLUSION..............................................................................................................................31
REFLECTION ..............................................................................................................................32
REFERENCES..............................................................................................................................34
INTRODUCTION
Background
Critical utilities are managed and controlled by Supervisory Control and Data Acquisition
(SCADA) systems. The controlled systems include railroads, pipelines, power plants and so on.
Until recently these systems were isolated from other networks, but they have now been
integrated with corporate networks and the Internet. This integration has increased the control
available to organisations and has also produced savings. Because of these new connections,
various security concerns also need to be analysed. If a vulnerability exists in any part of the
system, it permits attackers to exploit the data completely and so gain full control over the
SCADA system. Such control can cause hardware breakdowns and so endanger people's lives.
The visualisation and control of critical infrastructure systems are handled by SCADA
systems, which are composed of four components. The first comprises the sensors and actuators,
the second the programmable logic controllers (PLCs), and the third the supervisory control.
Sensors are devices that collect information about a system (Hall et al., 2009). The state of the
system is controlled by actuators such as motors and pumps. PLCs are responsible for managing
the collected data that represents the state of the system; these controllers can also be regarded
as remote terminal units (RTUs). The master terminal unit (MTU) interacts with these controllers
by managing and handling them. Various protocols are used to carry out the communication, such
as Fieldbus, Profibus, Distributed Network Protocol Version 3 (DNP3) and Modbus. The human
machine interface (HMI) is the final level. It is used by an operator to present the information
collected by the MTU. The role of an HMI is to manage the representation of the system and its
subsystems; it also exchanges parameters within the SCADA system in order to continue
interacting with the MTU. A simple SCADA system is represented below:
Figure 1: Simple SCADA system
As described in Corporate Network Interconnection and Security Aspects of SCADA, these
systems were developed to be robust, open, and easy to use and modify when necessary. Whether
they were secure enough was not considered at the time. Three features are missing from the
structure of the system: there is a lack of authentication in the protocols used by SCADA
systems, the systems were assumed to be secured through obscurity, and they were assumed to be
physically secure. The lack of authentication may lead to forgery of the information and data
received by the RTU and the MTU (Dell Security Annual Threat Report, 2015). Security through
obscurity means that the people operating the specialised protocols and equipment believe that no
outsider or external body will be able to operate them the way they do. The final factor is the
notion that no trespasser can harm any of their systems because they are wholly secure
physically. These features have left the infrastructure endangered and in need of various cyber
security protections.
Various researchers are monitoring the security features of SCADA systems in order to
remove some weaknesses by providing specific solutions. Stuxnet, an attack carried out in Iran in
2010, targeted the uranium enrichment plants by aiming at the Siemens Step 7 software. This
software is used to program PLCs, the digital devices that handle industrial systems. Stuxnet was
introduced into the Windows environment and began searching for the Siemens software. As
described in How Stuxnet is Rewriting the Cyberterrorism Playbook, once the software had been
identified, Stuxnet was free to obtain the required data and put the system into a critical state.
This was made possible by rewriting the firmware and the ladder logic on the PLC, which further
permitted the attacker to force the PLC to produce false responses.
The SCADA system has also been attacked by another piece of malware, Flame, which was
able to collect surveillance information. Flame and Stuxnet are similar in that both infect
Windows-based systems. The only distinguishing fact between the two is that Flame does not set
out to do any harm; rather it focuses on collecting data and streaming it to the control server
(Boyer and Stuart, 2014). The data is then filtered and the results presented to the operator. This
particular attack was used in Iran to acquire information about other states.
Aurora, another event, by the Idaho National Laboratory, was presented to the government
to demonstrate the seriousness of these ongoing attacks. It was a temporary experiment that
replicated the controls of a power system. The attack first targeted the control system and then
tried to open and close the circuit breakers. Through a minor change in the operating cycle, the
final goal was a fully damaged generator, which would have been caused by a fatal out-of-phase
condition. The attack was not replicated for real, but it succeeded in grabbing the attention of
the government and also drove further development in industrial control systems (ICS).
An intrusion detection system (IDS) can help by detecting intrusions and alerting operators
so that they can protect the system from further damage. An IDS is an essential part of
providing security in any communication-based system, and it is well suited to managing and
analysing what happens next. In SCADA systems, IDS are trained with data logs that represent
real traffic, so any dataset that can modify and improve the IDS is required.
Research Contributions
A primary contribution has been made to industry and to research. This contribution
consists of two datasets that can be used to replace a previous one, the Gao dataset, which was
not suitable for IDS research. The data collected in the dataset consists of network transactions
between the MTU and the RTU in Mississippi State University's in-house SCADA gas pipeline.
To replicate real attacks and the activities of operators on the gas pipeline, the new datasets
were collected with the help of a novel framework. When compared with the previous dataset, all
the issues that affected it were found to have been resolved.
Features have been categorised in three groups: network data, payload information and
labels. The network data provides a specific technique for the intrusion detection structure to
compete against. SCADA systems have network topologies that are decided in advance, and they
contain repetitive nodes; these systems do not behave like information technology (IT) networks.
This is conducive to an IDS, which is then able to detect any abnormal activity. The second
category is the payload information. It provides data about the state of the gas pipeline, its
parameters and so on. These factors of the system are enough to understand the level of
performance, and they also make it possible to monitor whether it is in a critical state.
To assess the performance of SCADA systems, the datasets are suggested for use in aiding
research, with the help of original patterns of SCADA attacks and of HMI operations. These
systems have a long lifetime, so the interaction patterns are also fixed. The datasets may then
be used to exercise SCADA IDS structures by providing some general characteristics.
Organisation
The next chapter covers the threatened areas of SCADA systems and critical
infrastructure systems for the IDS, along with an evaluation of the SCADA test beds and
datasets. That chapter defines clearly the importance of these datasets and how they can prove
useful to practitioners. The third chapter demonstrates the gas pipeline system that helped
create the datasets, together with the methodology and framework to be implemented. Two further
sections of the third chapter describe the two datasets to be created: the raw network
transaction data and the information derived from it. Another section in that chapter covers the
dataset that has been improved from the earlier one. Finally, the last chapter compiles the
conclusions drawn from this research.
Literature review
SCADA System Threats
Using SCADA network traffic, it has become easy and simple for researchers to study and
develop IDS. These SCADA systems are becoming more exposed to external parties day by day,
and this has also worried professionals. The overview of Security for Process Control discusses
the value of industrial control systems, including the various challenges of SCADA security, and
provides support and help in addressing those challenges (Almalawi et al., 2014). Various types
of security threats are also included for SCADA systems. In Challenges and Direction towards
Secure Communication, the security issues in SCADA are discussed along with smart grid
technologies. It is discussed in detail that these open regulation protocols are exposed to
various cyber-attacks. These protocols were made for isolated networks, where security features
were not discussed because they were not attached to larger networks. According to Hong and Lee,
there were some issues with intrusion detection systems as well. In order to determine any
abnormal activity in the system, they require various network traffic patterns with which
abnormalities can be found easily. There is a requirement for a dataset representing a real
SCADA system, including its peculiar traffic, in order to prepare an IDS customised for SCADA
applications. According to Kang et al. (2009), various problems of the SCADA system are
involved. The table below lists various attacks and the specific systems they affected.
These attacks were implemented so as to gain access to the servers managing the SCADA
systems. Once any server is compromised, the attacker becomes able to use the workstations
operating the main process. Valentine et al. discuss the situations that can occur at the time of
compromise. They also cover the fact that the ladder logic of the PLCs was unsuccessful in
providing protection against various errors. Various intentional as well as unintentional errors
at the application level have been discussed. The outcomes showed the need for validation and
verification of specific tools to provide another layer of protection for the PLCs. Related to
Hong and Lee, Dzung et al. (2005) found a large number of problems in communication networks for
industrial applications, and also provided a list of those that were quite common to the
application domain. With the help of various conventional and emerging technologies, it is
possible to protect industrial control systems. A very common recommendation is intrusion
detection systems. These systems are essential for giving real-time data on any normal or
abnormal activity. Intrusion detection systems are discussed in the next section.
Detection of Intrusion
This method is used to collect and analyse system activity data so as to monitor the
status of a system. It also helps in a proper examination of the state of the system and in
performing integrity checks on different files within it. Many IDS use various machine learning
algorithms in order to detect and control threats that seem abnormal for a certain system. Many
IDS also use signature-based systems so that they can compare activities and processes against
known threats. For a perfect detection system, all these features can be combined, which also
helps in providing an efficient layer of protection against various attacks.
There are three components of an IDS. The first is the network intrusion detection system
(NIDS). It uses a signature-based system to determine whether the various processes and
activities in the system are within normal parameters or can be found in the database of known
attacks. Where the NIDS finds a signature match, the activity is reported to the administrator or
operator. The NIDS provides a warning; it does not prevent the ongoing traffic (Sugwon and
Myongho, 2010). The second component is the network node intrusion detection system (NNIDS),
which is more effective for the interaction between a single bus system and a control station.
Although it is quite similar to the NIDS, it also provides behavioural analysis along with
pattern recognition. An algorithm is necessary for each control set to work according to its
specific functions. Specialisation is needed so that a higher level of data security can be
provided to the systems. The subsystem holds the final copy of the security, and this process is
called the host intrusion detection system (HIDS). It is responsible for analysing the actual
state of the system and can thus also perform various integrity checks on it. This helps in
determining whether or not there is abnormal activity that may affect the whole process. Lower
variability has been seen between different states, but the changes in the processes can be
easily detected with the help of an installed IDS.
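To make the feature split of the Research Contributions section and the signature-matching step of a NIDS concrete, here is an added example (not code from the thesis or from the Mississippi State datasets) that decodes constructed Modbus/TCP frames into network-data, payload-information and label groups and applies a small rule set that reports matches rather than blocking traffic. The register map, addresses and rules are assumptions for illustration; only the Modbus/TCP header layout and function codes follow the real protocol.

```python
"""Feature extraction and signature matching over constructed Modbus/TCP frames.

Added example, not code from the thesis or its datasets. Frames, register map,
addresses and rules are constructed; only the MBAP header (transaction id,
protocol id, length, unit id) and the function codes follow the protocol.
"""
import struct
from dataclasses import dataclass

SETPOINT_REG = 0x0001   # assumed holding register that stores the pressure setpoint
MTU_ADDR = "10.0.0.10"  # constructed address of the master terminal unit

@dataclass
class Record:
    """One MTU<->RTU transaction split into the thesis's three feature groups."""
    network: dict   # addresses, function code, length: network data
    payload: dict   # decoded register values: payload information
    label: str      # "normal" or the name of the matched signature

def parse_modbus_tcp(src, dst, frame):
    """Decode MBAP header and PDU into network-data and payload-information dicts."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError("protocol id must be 0 for Modbus/TCP")
    if length != len(frame) - 6:   # length counts unit id, function code and data
        raise ValueError("MBAP length field disagrees with frame size")
    fc, data = frame[7], frame[8:]
    network = {"src": src, "dst": dst, "tid": tid, "unit": unit,
               "function": fc, "length": length}
    payload = {}
    if fc == 0x06 and len(data) == 4:                        # Write Single Register request
        reg, value = struct.unpack(">HH", data)
        payload = {"register": reg, "value": value}
    elif fc == 0x04 and data and data[0] == len(data) - 1:   # Read Input Registers response
        count = data[0] // 2
        payload = {"values": list(struct.unpack(">" + "H" * count, data[1:1 + 2 * count]))}
    return network, payload

# Constructed signature rules: (name, predicate over network and payload dicts).
# Like a NIDS, a match is reported; nothing here blocks the traffic.
RULES = [
    ("write_from_non_mtu",
     lambda n, p: n["function"] == 0x06 and n["src"] != MTU_ADDR),
    ("setpoint_out_of_range",
     lambda n, p: n["function"] == 0x06 and p.get("register") == SETPOINT_REG
     and not 5 <= p.get("value", 0) <= 20),
]

def classify(src, dst, frame):
    """Label a transaction with the first matching signature, else 'normal'."""
    network, payload = parse_modbus_tcp(src, dst, frame)
    for name, pred in RULES:
        if pred(network, payload):
            return Record(network, payload, name)
    return Record(network, payload, "normal")

def build_frame(tid, unit, fc, data):
    """Assemble a Modbus/TCP frame with a correct MBAP length field."""
    return struct.pack(">HHHB", tid, 0, len(data) + 2, unit) + bytes([fc]) + data

# Constructed transactions: an operator setpoint write, an RTU pressure response,
# a setpoint write from an address that is not the MTU, and an out-of-range write.
SAMPLE = [
    (MTU_ADDR, "10.0.0.20", build_frame(1, 1, 0x06, struct.pack(">HH", SETPOINT_REG, 10))),
    ("10.0.0.20", MTU_ADDR, build_frame(2, 1, 0x04, bytes([2]) + struct.pack(">H", 12))),
    ("10.0.0.99", "10.0.0.20", build_frame(3, 1, 0x06, struct.pack(">HH", SETPOINT_REG, 10))),
    (MTU_ADDR, "10.0.0.20", build_frame(4, 1, 0x06, struct.pack(">HH", SETPOINT_REG, 200))),
]

def run_sample():
    """Labels for the constructed transactions, in order."""
    return [classify(s, d, f).label for s, d, f in SAMPLE]

if __name__ == "__main__":
    for (src, dst, _), label in zip(SAMPLE, run_sample()):
        print(f"{src} -> {dst}: {label}")
```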
As discussed, there are a large number of limitations in IDS solutions. One is the false
positive rate arising from the noise produced in general activities; such noise, introduced in a
packet or by malfunctioning hardware, can be analysed as abnormal and reported to the operator
as a threat. Large numbers of false reports can have a negative impact on the overall
effectiveness of the IDS, because they can mask real threats and cause warnings to be ignored.
There are various problems with IDS solutions, but a very common one is the regular need to
update signatures; this has been a major issue. Updating every system is essential but can
sometimes be overlooked by operators, which can also leave the whole system vulnerable. Another
limitation is the fact that a system with poor authentication and unauthenticated protocols
cannot be secured by an IDS, because of spoofing. This creates problems where, for example, a
system is recording pressure data. The above example can be compared with the Aurora attack,
which was developed for a power system and put the generator in a difficult situation: in that
attack it was possible to place the generator in an out-of-phase state, which could prove very
harmful to the system. The final major limitation concerns the analysis of encrypted traffic, as
deep inspection of packets is not possible in an IDS. The traffic should be encrypted before any
attempt occurs. There are issues with processing times, which can also affect the ability of an
IDS to perform in real time. Despite these various limitations, an IDS still has an important
role in providing proper security to networks.
IDS are commonly used in computer networks and in various antivirus software. These
systems have an essential role in securing personal computers and web servers, and they are also
a field of research for ICS professionals. There are various reasons for implementing IDS in
SCADA systems. A very common example is the dependence of highly critical infrastructure on
specialised protocols that were made with ease of use and reliability in mind (Introduction to
Industrial Control Networks, 2012), giving priority to these factors rather than to security.
These systems depend on operators and also require automated approaches to properly monitor the
general activities of the system. Various studies have provided a much wider approach, sufficient
for improving security features, that has been easily distributed to the system.
An IDS approach to be enforced on SCADA systems was presented as an unsupervised
anomaly-based detection approach for integrity attacks on SCADA systems. It was proposed that an
unsupervised learning algorithm would work best on a SCADA network. The theory was also tested
with the help of data and information from a real industrial system, a water plant. Many
pre-processing techniques were used to manage the input so that improved results could be
obtained; they also controlled the noise within the datasets from the water plant. It was then
proposed that passing the datasets through a clustering algorithm was a behavioural analysis
technique. It was concluded that this type of behavioural approach shows promising behaviour and
the ability to achieve high detection results in this specific field. Accordingly, with the help
of a fixed-width clustering algorithm, it was easy to achieve a maximum detection rate of 90%
with a false negative rate of 0.01%. It is concerned with a few factors such as the complexity
and time of the rules along with the dataset contained. A very common example of this is the
automated approach highlighted in "The Security for SCADA Detector Networks with Honour Systems
and Self-Organised Maps", which is improving rapidly. According to Moya, unsupervised learning
algorithms were easy to use, given the severe processing power required to apply these
techniques. It was important to train the algorithm with a dataset of normal activities, and this
can be normal as well as abnormal activities.
When spoofing is involved, traffic identical to normal traffic is a very general problem,
because it issues various legitimate-looking requests in the same format as normal traffic.
Setting spoofed packets apart is then the responsibility of the quantization errors in the
anomalous clusters.
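As an added example (not code from the thesis or from the papers it reviews), the following implements the fixed-width clustering approach described in the two preceding paragraphs on constructed (pressure, setpoint) records: dense clusters learned from normal traffic define the normal profile, and a record's quantization error, its distance to the nearest normal cluster centre, decides whether it is flagged even when its format looks legitimate. The feature vectors, cluster width and density threshold are assumptions for illustration.

```python
"""Fixed-width clustering for anomaly detection on SCADA payload features.

Added example, not code from the thesis or the work it reviews. The
(pressure, setpoint) records, width and density threshold are constructed.
"""
import math

def fixed_width_clusters(points, width):
    """Single pass: a point joins the first cluster whose centre is within
    `width`; otherwise it starts a new cluster centred on itself."""
    centres, counts = [], []
    for p in points:
        for i, c in enumerate(centres):
            if math.dist(p, c) <= width:
                counts[i] += 1
                break
        else:
            centres.append(p)
            counts.append(1)
    return centres, counts

class FixedWidthDetector:
    """Clusters holding at least `min_fraction` of the training points are
    'normal'; a record is anomalous if it lies farther than `width` from
    every normal centre."""
    def __init__(self, width, min_fraction=0.1):
        self.width = width
        self.min_fraction = min_fraction
        self.normal_centres = []

    def fit(self, points):
        centres, counts = fixed_width_clusters(points, self.width)
        total = len(points)
        self.normal_centres = [c for c, n in zip(centres, counts)
                               if n / total >= self.min_fraction]
        return self

    def quantization_error(self, p):
        """Distance to the nearest normal centre: the quantity that separates
        spoofed records from normal-looking ones."""
        return min(math.dist(p, c) for c in self.normal_centres)

    def is_anomalous(self, p):
        return self.quantization_error(p) > self.width

def evaluate(detector, normal_test, attack_test):
    """Return (detection_rate, false_positive_rate) as fractions."""
    detected = sum(detector.is_anomalous(p) for p in attack_test)
    false_pos = sum(detector.is_anomalous(p) for p in normal_test)
    return detected / len(attack_test), false_pos / len(normal_test)

# Constructed training data: steady operation around two setpoints, plus one
# stray record that is too sparse to become a 'normal' cluster.
TRAIN = [(10 + 0.1 * i, 10.0) for i in range(-4, 5)] \
      + [(15 + 0.1 * i, 15.0) for i in range(-4, 5)] \
      + [(40.0, 10.0)]
NORMAL_TEST = [(10.3, 10.0), (14.8, 15.0), (9.6, 10.0)]
# Constructed attacks: spoofed readings in a valid format that match no dense cluster.
ATTACK_TEST = [(2.0, 10.0), (30.0, 15.0), (10.0, 60.0)]

def demo():
    """Fit on the constructed normal traffic and score both test sets."""
    det = FixedWidthDetector(width=1.0).fit(TRAIN)
    return evaluate(det, NORMAL_TEST, ATTACK_TEST)

if __name__ == "__main__":
    dr, fpr = demo()
    print(f"detection rate {dr:.2f}, false positive rate {fpr:.2f}")
```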
In many real-life systems there are products already in use that do not take the novel
approach described above. These solutions require signature databases or rules produced by the
operator. One example of such a product is Snort IDS. Real-time SCADA network traffic is
analysed and logged with the use of Snort IDS, which is a type of NIDS. Network packets can be
examined with the help of Snort, and deep packet inspection can also be done; the information
within the packet payload can be explored with Snort. Such products are defined by a rule set
created by the operator of the system. The rules in the rule set can be created either by a
professional in the field or from a signature database. Among source NIDS