Abstract
The security of System Control and Data Acquisition (SCADA) systems is one of the most pressing subjects in industrial systems, particularly for those installations actively using the public network in order to provide new features and services. In this paper, we present an innovative approach to the design of filtering systems based on the state analysis of the system being monitored. The aim is to detect attacks composed of a set of “SCADA” commands that, while licit when considered in isolation on a single-packet basis, can disrupt the correct behavior of the system when executed in particular operating states. The proposed firewall detects these complex attacks thanks to an internal representation of the controlled SCADA system. Furthermore, we detail the design of the architecture of the firewall for systems that use the ModBus and DNP3 protocols, and the implementation of a prototype, providing experimental comparative results that confirm the validity of the proposed approach.
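A small Python model of the state-based filtering the abstract describes, added here as an illustration and not taken from the paper or its prototype: the filter keeps a virtual image of the PLC's coils, applies each Modbus Write Single Coil request to a copy of that image, and drops the request when the predicted state matches a critical-state rule, even though the request is well-formed on its own. The coil addresses, the pump/valve rule and the sample traffic are constructed; the code handles only the Modbus PDU with the MBAP header already stripped.

```python
import struct

# Modbus function code for Write Single Coil (from the Modbus application protocol spec)
WRITE_SINGLE_COIL = 0x05

# Constructed process model: coil addresses of a pump and of the valve downstream of it
PUMP_COIL = 0x0010
VALVE_COIL = 0x0011

def parse_write_single_coil(pdu: bytes):
    """Parse a Modbus PDU (MBAP header already stripped); return (address, on) or None."""
    if len(pdu) != 5 or pdu[0] != WRITE_SINGLE_COIL:
        return None
    addr, raw = struct.unpack(">HH", pdu[1:])
    if raw not in (0x0000, 0xFF00):  # the only two legal encodings of a coil value
        return None
    return addr, raw == 0xFF00

def write_coil_pdu(addr: int, on: bool) -> bytes:
    """Encode a Write Single Coil request PDU (used here to build constructed sample traffic)."""
    return struct.pack(">BHH", WRITE_SINGLE_COIL, addr, 0xFF00 if on else 0x0000)

def is_critical(coils: dict) -> bool:
    """Constructed critical-state rule: the pump runs while the valve after it is closed."""
    return coils.get(PUMP_COIL, False) and not coils.get(VALVE_COIL, True)

class StateFilter:
    """Keeps a virtual image of the PLC coils and judges each write request against it."""
    def __init__(self, initial_coils: dict):
        self.coils = dict(initial_coils)

    def evaluate(self, pdu: bytes) -> str:
        """Return 'FORWARD' or 'DROP'; a forwarded write updates the virtual image."""
        parsed = parse_write_single_coil(pdu)
        if parsed is None:
            return "DROP"  # malformed or unsupported request: fail closed
        addr, on = parsed
        predicted = dict(self.coils)
        predicted[addr] = on  # the state the PLC would reach if this write went through
        if is_critical(predicted):
            return "DROP"  # licit on its own, harmful in the current operating state
        self.coils = predicted  # simplification: assume the PLC accepts the forwarded write
        return "FORWARD"

def demo() -> list:
    """Two individually licit writes; the second is blocked only because of the first."""
    f = StateFilter({PUMP_COIL: False, VALVE_COIL: True})
    return [f.evaluate(write_coil_pdu(VALVE_COIL, False)),  # close the valve: FORWARD
            f.evaluate(write_coil_pdu(PUMP_COIL, True))]    # start the pump: DROP
```

A deployable version would also track read responses from the PLC so the virtual image reflects the real process state rather than only the writes the filter has forwarded.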
SCADA (monitoring control and data acquisition) is a type of industrial control system (ICS). It is a centralised system that monitors and controls the industrial processes that exist in the physical world. These systems work on a master-slave basis. This system is widely used in power plants, semaphore control, etc.; since it is a centralised data storage system, there is a possibility that attackers hack the information. In the existing system, a special filtering system is used that acts as a firewall for the SCADA network. The system is protected from hackers by analysing the state of the system. This involves predicting whether the system is close to a critical state. The problem is that only the hacker's attack is prevented. No problem is identified in the PLC (Programmable Logic Controller) software. There is no protection against unintentional errors or code-level and other attacks. Some errors will only show a single warning; the user will ignore the warning and load the malicious code on the server, thus affecting the entire system.

We focus on software vulnerabilities in ladder logic, a popular graphical language for programmable logic controllers. We show how intentional or unintentional errors in ladder logic code can lead to integrity and availability violations. We propose methods to support the safe development of programmable logic controller code and to detect vulnerable applications.