On SCADA control system command and response injection and intrusion detection

• Published in: 2010 eCrime Researchers Summit pp. 1 - 9
• Main Authors: Wei Gao, Morris, T, Reaves, B, Richey, D
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.10.2010
• Subjects: Chemicals; cyber security; Ethernet networks; intrusion detection; IP networks; Monitoring; Protocols; Registers; SCADA control system; Security
• ISBN: 9781424477609; 1424477603
• ISSN: 2159-1237
• DOI: 10.1109/ecrime.2010.5706699

SCADA systems are widely used in critical infrastructure sectors, including electricity generation and distribution, oil and gas production and distribution, and water treatment and distribution. SCADA process control systems are typically isolated from the internet via firewalls. However, they may still be subject to illicit cyber penetrations and may be subject to cyber threats from disgruntled insiders. We have developed a set of command injection, data injection, and denial of service attacks which leverage the lack of authentication in many common control system communication protocols including MODBUS, DNP3, and EtherNET/IP. We used these exploits to aid in development of a neural network based intrusion detection system which monitors control system physical behavior to detect artifacts of command and response injection attacks. Finally, we present intrusion detection accuracy results for our neural network based IDS which includes input features derived from physical properties of the control system.