DOI: 10.1145/3671016.3674812

CIDF:Combined Intrusion Detection Framework in Industrial Control Systems based on Packet Signature and Enhanced FSFDP

Published: 24 July 2024

Abstract

    Industrial Control Systems (ICS) are vital to critical infrastructures, yet they face increasing security threats. Current Intrusion Detection Systems (IDS) designed for ICS often overlook the unbalanced resource distribution among devices at different layers and primarily focus on known attacks, making them difficult to deploy on all key nodes and leaving them vulnerable to unknown threats. To address these issues, we propose a Combined Intrusion Detection Framework (CIDF). This approach is based on the strategy of “multi-level layered deployment, combined detection”, deploying the Packet Signature model and the Enhanced Fast Search and Find of Density Peaks (EFSFDP) model on devices at different layers. It aims to achieve optimal use of resources and full protection for ICS, and combines the advantages of multiple detection methods to effectively detect both known and unknown attacks. The evaluation, using a public gas pipeline dataset and a private dataset, shows that our approach outperforms existing methods, achieving an average Accuracy, Precision, and Recall of 94%, 95.5%, and 86.5% respectively, along with superior detection speed.

      Published In

      Internetware '24: Proceedings of the 15th Asia-Pacific Symposium on Internetware
      July 2024
      518 pages
      ISBN:9798400707056
      DOI:10.1145/3671016
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. Clustering
      2. Combined Intrusion Detection
      3. Industrial Control System
      4. Packet Signature

      Qualifiers

      • Research-article
      • Research
      • Refereed limited

      Funding Sources

      • the National Key Research and Development Program
      • the Key Research and Development Program of Hubei Province

      Conference

      Internetware 2024
      Acceptance Rates

      Overall Acceptance Rate 55 of 111 submissions, 50%
