Securing SCADA Systems: A Comprehensive Machine Learning Approach for Detecting Reconnaissance Attacks

  • Received : 2023.12.05
  • Published : 2023.12.30

Abstract

Securing Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) is essential to the reliability and safety of critical infrastructure. This paper addresses the threat that reconnaissance attacks pose to SCADA/ICS networks and proposes a method for detecting them. The approach combines techniques for handling class-imbalanced datasets, ensemble methods, and feature engineering. Experiments show that the resulting models achieve high precision and recall with a low false-negative (FN) rate; the FN rate is the figure that matters most here, because a reconnaissance scan that goes undetected is the precursor of the intrusion that follows it. Evaluation on real-world SCADA/ICS datasets shows better performance than existing methods in a comparative analysis, and feature augmentation is found to improve detection further. The work contributes to strengthening the security posture of SCADA/ICS environments against evolving cyber threats.
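The following block is an added illustration, not code or data from the paper (whose actual features, models and datasets are not reproduced here). It sketches the three ingredients the abstract names over constructed, SCADA-like flow records: per-source feature engineering, random oversampling of the minority class inside class-balanced bootstrap samples, and a majority-vote ensemble of decision stumps, scored by precision, recall and the raw false-negative count. The feature names, the traffic mix (HMIs polling PLCs on Modbus/TCP 502 and DNP3 20000 versus hosts sweeping ports) and all thresholds are assumptions; only the Python standard library is used so it runs offline.

```python
import random
from collections import defaultdict

# Assumed per-source features; the paper's own feature set is not reproduced here.
FEATURES = ("flow_count", "distinct_dports", "distinct_dsts", "syn_only_ratio", "rst_ratio")


def make_flows(seed, n_benign=64, n_recon=3):
    """Constructed flow records (src, dst, dport, tcp_flags, label); NOT real traffic.
    Benign sources poll a few PLCs on 502/20000 with completed handshakes; the
    reconnaissance sources sweep many hosts and ports with SYN-only/RST flows.
    The class imbalance (3 of 67 sources) is deliberate."""
    rng = random.Random(seed)
    flows = []
    for i in range(n_benign):
        src = f"10.0.1.{i + 10}"
        for _ in range(rng.randint(20, 40)):
            dst = f"10.0.2.{rng.randint(1, 3)}"
            flags = "SA" if rng.random() < 0.97 else "S"
            flows.append((src, dst, rng.choice([502, 502, 502, 20000]), flags, 0))
    for i in range(n_recon):
        src = f"10.0.9.{i + 1}"
        for _ in range(rng.randint(300, 400)):
            dst = f"10.0.2.{rng.randint(1, 40)}"
            flags = rng.choice(["S", "S", "S", "R"])
            flows.append((src, dst, rng.randint(1, 1024), flags, 1))
    return flows


def engineer_features(flows):
    """Aggregate raw flows per source into reconnaissance-oriented features."""
    agg = defaultdict(lambda: {"n": 0, "ports": set(), "dsts": set(), "syn": 0, "rst": 0, "y": 0})
    for src, dst, dport, flags, label in flows:
        a = agg[src]
        a["n"] += 1
        a["ports"].add(dport)
        a["dsts"].add(dst)
        a["syn"] += flags == "S"      # SYN without completion: half-open probe
        a["rst"] += flags == "R"      # resets: closed ports answering a probe
        a["y"] = max(a["y"], label)   # a source is recon if any of its flows is
    return [((a["n"], len(a["ports"]), len(a["dsts"]), a["syn"] / a["n"], a["rst"] / a["n"]), a["y"])
            for a in agg.values()]


def best_stump(rows):
    """Exhaustive search for the (feature, sign, threshold) rule with fewest errors.
    Thresholds are midpoints between adjacent observed values, so a rule never sits
    exactly on a training value. Predicts recon iff sign * x[j] >= sign * t."""
    best = (len(rows) + 1, 0, 1, 0.0)
    for j in range(len(FEATURES)):
        vals = sorted({x[j] for x, _ in rows})
        for lo, hi in zip(vals, vals[1:]):
            t = (lo + hi) / 2
            for sign in (1, -1):
                errors = sum((sign * x[j] >= sign * t) != y for x, y in rows)
                if errors < best[0]:
                    best = (errors, j, sign, t)
    return best[1:]


def train_ensemble(rows, n_models=15, seed=1):
    """Bagging with class-balanced bootstrap samples: the minority (recon) class is
    randomly oversampled to the majority size in every sample, then one stump is fit."""
    rng = random.Random(seed)
    pos = [r for r in rows if r[1] == 1]
    neg = [r for r in rows if r[1] == 0]
    return [best_stump(rng.choices(neg, k=len(neg)) + rng.choices(pos, k=len(neg)))
            for _ in range(n_models)]


def predict(models, x):
    """Majority vote of the stumps; 1 = reconnaissance source."""
    votes = sum(sign * x[j] >= sign * t for j, sign, t in models)
    return int(2 * votes > len(models))


def evaluate(models, rows):
    """Precision, recall and the raw false-negative count (scanners that were missed)."""
    tp = fp = fn = 0
    for x, y in rows:
        p = predict(models, x)
        if p and y:
            tp += 1
        elif p and not y:
            fp += 1
        elif y:
            fn += 1
    return {"tp": tp, "fp": fp, "fn": fn,
            "precision": tp / (tp + fp) if tp + fp else 0.0,
            "recall": tp / (tp + fn) if tp + fn else 0.0}


if __name__ == "__main__":
    models = train_ensemble(engineer_features(make_flows(seed=7)))
    print("rules:", [(FEATURES[j], ">=" if s == 1 else "<=", t) for j, s, t in models])
    print(evaluate(models, engineer_features(make_flows(seed=11))))   # held-out seed
```

Training and held-out data come from different seeds so the scores are not measured on the training sources. On a real capture the same pipeline is only as good as the features: a scanner that paces its probes to match the polling rate of an HMI and only touches 502 will not raise `distinct_dports` or `syn_only_ratio`, which is why the abstract's point about feature augmentation, and a watchful eye on the FN count rather than accuracy alone, matter on imbalanced ICS traffic.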
