SCADA Full State Network Instrusion and Malfunction Detection System

Anisheh, Mehdi

doi:doi:10.7939/r3-ang5-7617

View

Download

Communities and Collections

Concordia University of Edmonton / Master of Information Systems Security Management (MISSM) and Master of Information Systems Assurance Management (MISAM) Project Reports (Concordia University of Edmonton)

Usage

67 views
62 downloads

SCADA Full State Network Instrusion and Malfunction Detection System

Author(s) / Creator(s)
- Anisheh, Mehdi
Industries are highly dependent on reliable, accurate and automated control systems to monitor equipment that are critical to their operation. Supervisory Control And Data Acquisition (SCADA) is the most advanced control system which is being widely used in industries and it is an attractive target for threat agents. Host based and network based intrusion prevention systems (IPS) and intrusion detection systems (IDS) are the best existing solution to improve
SCADA security against cyber attack. This paper describes the evolution of network intrusion detection systems (NIDS) from signature based NIDS to a novel NIDS based on the general state of the SCADA control system. One of the most recent NIDS is Modbus/DNP3 state-based NIDS, which is a significant improvement toward detecting complicated attacks on SCADA systems. In this paper we investigate the pros and cons of Modbus/DNP3 state-based NIDS and introduce a new technique to address the limitations and weaknesses of this existing technology. We call our proposed enhancement the SCADA Full-State Network Intrusion and Malfunction Detection System (NIMDS). It functions by monitoring SCADA's behavior and double checking the control process.
Date created

2012-01-01
Subjects / Keywords
- SCADA
- threat agent
- cyber attack
- IDS
- IPS
- NIDS
- NIMDS
- state
- state-based
- full-state
Type of Item

Research Material
DOI

https://doi.org/10.7939/r3-ang5-7617
License

Attribution-NonCommercial 4.0 International

Language
- English