SCADA Full State Network Instrusion and Malfunction Detection System

  • Author(s) / Creator(s)
  • Industries are highly dependent on reliable, accurate and automated control systems to monitor equipment that are critical to their operation. Supervisory Control And Data Acquisition (SCADA) is the most advanced control system which is being widely used in industries and it is an attractive target for threat agents. Host based and network based intrusion prevention systems (IPS) and intrusion detection systems (IDS) are the best existing solution to improve
    SCADA security against cyber attack. This paper describes the evolution of network intrusion detection systems (NIDS) from signature based NIDS to a novel NIDS based on the general state of the SCADA control system. One of the most recent NIDS is Modbus/DNP3 state-based NIDS, which is a significant improvement toward detecting complicated attacks on SCADA systems. In this paper we investigate the pros and cons of Modbus/DNP3 state-based NIDS and introduce a new technique to address the limitations and weaknesses of this existing technology. We call our proposed enhancement the SCADA Full-State Network Intrusion and Malfunction Detection System (NIMDS). It functions by monitoring SCADA's behavior and double checking the control process.

  • Date created
    2012-01-01
  • Subjects / Keywords
  • Type of Item
    Research Material
  • DOI
    https://doi.org/10.7939/r3-ang5-7617
  • License
    Attribution-NonCommercial 4.0 International