Probability Risk Identification Based Intrusion Detection System for SCADA Systems
This addresses cybersecurity for critical infrastructure SCADA systems, but it is incremental as it focuses on a specific attack type using existing methods.
The paper tackles the problem of replay attacks in SCADA systems by proposing a Probability Risk Identification based Intrusion Detection System (PRI-IDS) that analyzes Modbus TCP/IP network traffic, and the results show it can effectively and efficiently recognize these attacks.
As Supervisory Control and Data Acquisition (SCADA) systems control several critical infrastructures, they have become connected to the internet. Consequently, SCADA systems face different sophisticated types of cyber adversaries. This paper suggests a Probability Risk Identification based Intrusion Detection System (PRI-IDS) technique based on analysing network traffic of Modbus TCP/IP for identifying replay attacks. It is acknowledged that Modbus TCP is usually vulnerable due to its unauthenticated and unencrypted nature. Our technique is evaluated using a simulation environment by configuring a testbed, which is a custom SCADA network that is cheap, accurate and scalable. The testbed is used to test the IDS by sending individual packets from an attacker located on the same LAN as the Modbus master and slave. The experimental results demonstrated that the proposed technique can effectively and efficiently recognise replay attacks.