Dinghua Wang,Dongqin Feng

DOI: https://doi.org/10.1109/iaeac.2018.8577543

2018-01-01

Abstract:Supervisory control and data acquisition system is an important part of the country's critical infrastructure, but its inherent network characteristics are vulnerable to attack by intruders. The vulnerability of supervisory control and data acquisition system was analyzed, combining common attacks such as information scanning, response injection, command injection and denial of service in industrial control systems, and proposed an intrusion detection model based on graphical features. The time series of message transmission were visualized, extracting the vertex coordinates and various graphic area features to constitute a new data set, and obtained classification model of intrusion detection through training. An intrusion detection experiment environment was built using tools such as MATLAB and power protocol testers. IEC 60870-5-104 protocol which is widely used in power systems had been taken as an example. The results of tests have good effectiveness.

Genghong Lu,Dongqin Feng

DOI: https://doi.org/10.23919/icif.2018.8455208

2018-01-01

Abstract:Due to the wide implementation of communication networks, industrial control systems are vulnerable to malicious attacks, which could cause potentially devastating results. Adversaries launch integrity attacks by injecting false data into systems to create fake events or cover up the plan of damaging the systems. In addition, the complexity and nonlinearity of control systems make it more difficult to detect attacks and defense it. Therefore, a novel security situation awareness framework based on particle filtering, which has good ability in estimating state for nonlinear systems, is proposed to provide an accuracy understanding of system situation. First, a system state estimation based on particle filtering is presented to estimate nodes state. Then, a voting scheme is introduced into hazard situation detection to identify the malicious nodes and a local estimator is constructed to estimate the actual system state by removing the identified malicious nodes. Finally, based on the estimated actual state, the actual measurements of the compromised nodes are predicted by using the situation prediction algorithm. At the end of this paper, a simulation of a continuous stirred tank is conducted to verify the efficiency of the proposed framework and algorithms.

P A S Ralston,J H Graham,J L Hieb

DOI: https://doi.org/10.1016/j.isatra.2007.04.003

Abstract:The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

Xueqin Gao,Tao Shang,Da Li,Jianwei Liu

DOI: https://doi.org/10.1109/pst55820.2022.9851965

2022-01-01

Abstract:SCADA systems are one of the critical infrastructures and face many security threats. Attackers can control SCADA systems through network attacks, destroying the normal operation of the power system. It is important to conduct a risk assessment of security threats on SCADA systems. However, existing models for risk assessment using attack trees mainly focus on describing possible intrusions rather than the interaction between threats and defenses. In this paper, we comprehensively consider intrusion likelihood and defense capability and propose a quantitative risk assessment model of security threats based on attack countermeasure tree (ACT). Each leaf node in ACT contains two attributes: exploitable vulnerabilities and defense countermeasures. An attack scenario can be constructed by means of traversing the leaf nodes. We set up six indicators to evaluate the impact of security threats in attack scenarios according to NISTIR 7628 standard. Experimental results show the attack probability of security threats and high-risk attack scenarios in SCADA systems. We can improve defense countermeasures to protect against security threats corresponding to high-risk scenarios. In addition, the model can continually update risk assessments based on the implementation of the system’s defensive countermeasures.

Li Yang,Junlin Liu,Yun Zhang

DOI: https://doi.org/10.1142/S021800142059003X

IF: 1.261

2019-10-07

International Journal of Pattern Recognition and Artificial Intelligence

Abstract:Supervisory Control and Data Acquisition (SCADA) system in the modern industrial automation control network is facing an increasing number of serious security threats. In order to meet the security defense requirements of oil and gas SCADA system, an intelligent security defense model based on multi-agent was designed by analyzing the security risks in oil and gas SCADA system and combining the advantages of multi-agent technology in distributed intrusion detection system. First, the whole structure of this model was divided into three layers: monitoring layer, decision layer and control layer. Then, the defense model was verified by C4.5 decision tree algorithm, and obtained a good result. Finally, the security defense prototype system of large-scale oil and gas SCADA system based on this model was realized. Results demonstrate that the application of multi-agent technology in the security defense of oil and gas SCADA system can achieve more comprehensive defense, more accurate detection, which can handle large-scale distributed attacks and improve the robustness and stability of security defenses. This study makes full use of the multi-agent architecture and has the advantage of accurate detection, high detection efficiency and timely response.

computer science, artificial intelligence

Manar Alanazi,Abdun Mahmood,Mohammad Jabed Morshed Chowdhury

DOI: https://doi.org/10.1016/j.cose.2022.103028

2022-11-26

Abstract:Supervisory control and data acquisition (SCADA) serves as the backbone of several critical infrastructures, including water supply systems, oil pipelines, transportation and electricity. It accomplishes essential functions, such as monitoring data from pumps, valves and transmitters. Across different generations, SCADA has undergone a significant evolution from a typically isolated environment to a highly interconnected network. Although this conversion has benefits for SCADA, such as enhanced performance efficiency and the cost reduction of heavy equipment, it has made SCADA more vulnerable to various cyber-attacks. Several SCADA security approaches are still provided by IT-based systems that are possibly not efficient enough to deflect the risks and threats originating from SCADA field operations. As a result, it is critically important to analyse cyber risks associated with the industrial SCADA system. The goal of this survey is to explore the security vulnerabilities of SCADA systems and classify the threats accordingly. In this project, we initially reviewed SCADA systems from different scopes, including architecture, vulnerabilities, attacks, intrusion detection techniques (IDS) and testbeds. We proposed taxonomies of vulnerabilities, attacks, IDS and testbeds according to predefined criteria. We concluded the survey by highlighting the research challenges and open issues for future research in the field of SCADA security.

computer science, information systems

Xiaming Ye,Junhua Zhao,Yan Zhang,Fushuan Wen

DOI: https://doi.org/10.3390/en8065266

IF: 3.2

2015-01-01

Energies

Abstract:The distribution automation system (DAS) is vulnerable to cyber-attacks due to the widespread use of terminal devices and standard communication protocols. On account of the cost of defense, it is impossible to ensure the security of every device in the DAS. Given this background, a novel quantitative vulnerability assessment model of cyber security for DAS is developed in this paper. In the assessment model, the potential physical consequences of cyber-attacks are analyzed from two levels: terminal device level and control center server level. Then, the attack process is modeled based on game theory and the relationships among different vulnerabilities are analyzed by introducing a vulnerability adjacency matrix. Finally, the application process of the proposed methodology is illustrated through a case study based on bus 2 of the Roy Billinton Test System (RBTS). The results demonstrate the reasonability and effectiveness of the proposed methodology.

Yongge Wang

DOI: https://doi.org/10.48550/arXiv.1207.5434

2012-07-23

Information Theory

Abstract:Distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems were developed to reduce labour costs, and to allow system-wide monitoring and remote control from a central location. Control systems are widely used in critical infrastructures such as electric grid, natural gas, water and wastewater industries. While control systems can be vulnerable to a variety of types of cyber attacks that could have devastating consequences, little research has been done to secure the control systems. American Gas Association (AGA), IEC TC57 WG15, IEEE, NIST and National SCADA Test Bed Program have been actively designing cryptographic standard to protect SCADA systems. American Gas Association (AGA) had originally been designing cryptographic standard to protect SCADA communication links and finished the report AGA 12 part 1. The AGA 12 part 2 has been transferred to IEEE P1711. This paper presents an attack on the protocols in the first draft of AGA standard (Wright et al., 2004). This attack shows that the security mechanisms in the first version of the AGA standard protocol could be easily defeated. We then propose a suite of security protocols optimised for SCADA/DCS systems which include: point-to-point secure channels, authenticated broadcast channels, authenticated emergency channels, and revised authenticated emergency channels. These protocols are designed to address the specific challenges that SCADA systems have.

Chuan Sheng,Yu Yao,Qiang Fu,Wei Yang

DOI: https://doi.org/10.1016/j.comnet.2020.107677

IF: 5.493

2021-02-01

Computer Networks

Abstract:<p>Supervisory Control and Data Acquisition (SCADA) systems are becoming increasingly susceptible to the sophisticated and targeted cyber attacks which are typically carried out by exploiting the vulnerabilities of industrial control devices or protocols. However, most of the existing network intrusion detection methods only focus on detecting and characterizing cyber attacks against the SCADA system, but cannot fully describe their real impact on the system. In this paper, we propose a cyber-physical model for the SCADA system to detect intrusions from the SCADA network and evaluate their risk levels against the industrial process. The model aims at characterizing the network structure and industrial process of the SCADA system through extracting and correlating the communication patterns and states of ICS devices. And any violation of the model is considered abnormal behavior, which can be caused by false operation or network attacks. Through associating network intrusions with the status of the SCADA system, a risk assessment method is proposed to estimate the potential damage degree of the attack on the system, which provides network administrators with richer information about network attacks. Moreover, the comprehensive performance evaluation conducted on public SCADA network data sets shows that the proposed method outperforms the existing methods in detecting and analyzing various cyber attacks against the SCADA system.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Qiaomu Jiang,Yiqin Lu,Bin Wang,Linxia Zhang,Wen Long

DOI: https://doi.org/10.1109/icct56141.2022.10072804

2022-01-01

Abstract:This paper focuses on the security of state estimation in supervisory control and data acquisition (SCADA) system in smart grids. The security index has been wildly studied to evaluate the vulnerability of SCADA systems under various types of cyber attacks, e.g., the false data injection (FDI) attack and distributed denial of service (DDoS) attack. However, it is shown that the calculation of security index is an NP-hard problem. Therefore, we propose an algebraic polynomial-time algorithm to calculate the security indices iteratively based on the orthogonal projection technique. Since existing modeling methods of security index only consider the attack overhead, without considering the impact of cyber attacks on the system performance, a novel hybrid security index is constructed. In the hybrid security index, the overheads of FDI attacks, DDoS attacks, and the impact of attack on the estimation error are considered simultaneously. Numerical results show that the protection of some critical measurements can enhance the overall security of SCADA systems.

Geeta Yadav,Kolin Paul

DOI: https://doi.org/10.1016/j.ijcip.2021.100433

IF: 3.683

2021-09-01

International Journal of Critical Infrastructure Protection

Abstract:Pipeline bursting, production lines shut down, frenzy traffic, trains confrontation, the nuclear reactor shut down, disrupted electric supply, interrupted oxygen supply in ICU – these catastrophic events could result because of an erroneous SCADA system/ Industrial Control System (ICS). SCADA systems have become an essential part of automated control and monitoring of Critical Infrastructures (CI). Modern SCADA systems have evolved from standalone systems into sophisticated, complex, open systems connected to the Internet. This geographically distributed modern SCADA system is more vulnerable to threats and cyber attacks than traditional SCADA. Traditional SCADA systems were less exposed to Internet threats as they operated on isolated networks. Over the years, an increase in the number of cyber-attacks against the SCADA systems seeks security researchers’ attention towards their security. In this review paper, we first review the SCADA system architectures and comparative analysis of proposed/implemented communication protocols, followed by attacks on such systems to understand and highlight the evolving security needs for SCADA systems. A short investigation of the current state of intrusion detection techniques in SCADA systems is done, followed by a brief study of testbeds for SCADA systems. The cloud and Internet of things (IoT) based SCADA systems are studied by analyzing modern SCADA systems’ architecture. In the end, the review paper highlights the critical research problems that need to be resolved to close the security gaps in SCADA systems.

engineering, multidisciplinary,computer science, information systems

Jianxin Xu,Dongqin Feng

DOI: https://doi.org/10.1155/2017/2430835

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:This paper discusses two aspects of major risks related to the cyber security of an industrial control system (ICS), including the exploitation of the vulnerabilities of legitimate communication parties and the features abused by unauthorized parties. We propose a novel framework for exposing the above two types of risks. A state fusion finite state machine (SF-FSM) model is defined to describe multiple request-response packet pair sequence signatures of various applications using the same protocol. An inverted index of keywords in an industrial protocol is also proposed to accomplish fast state sequence matching. Then we put forward the concept of scenario reconstruction, using state sequence matching based on SF-FSM, to present the known vulnerabilities corresponding to applications of a specific type and version by identifying the packet interaction characteristics from the data flow in the supervisory control layer network. We also implement an anomaly detection approach to identifying illegal access using state sequence matching based on SF-FSM. An anomaly is asserted if none of the state sequence signatures in the SF-FSM is matched with a packet flow. Ultimately, an example based on industrial protocols is demonstrated by a prototype system to validate the methods of scenario reconstruction and anomaly detection.

Alaa T. AL Ghazo,Ratnesh Kumar

DOI: https://doi.org/10.1109/tsmc.2023.3345254

2024-01-01

IEEE Transactions on Systems, Man, and Cybernetics: Systems

Abstract:Supervisory control and data acquisition (SCADA) and industrial control systems (ICSs) are designed to operate for extended periods of time and can withstand extreme conditions. However, operators, engineers, and offices change over time, which can lead to outdated documentation and references. This can make it difficult to identify system components and their vulnerabilities, which can pose a security risk. In this article, we present an automated passive method for identifying system components based on network traffic structure and network message characteristics. The proposed approach considers both TCP/IP and Modbus, the two primary communication protocols in SCADA, to identify devices. The algorithm was implemented in Python and evaluated using water treatment SCADA data collected from the iTrust facility. Once the system devices have been identified, the algorithm queries the National Vulnerability Database (NVD) and the Common Vulnerabilities and Exposures (CVE) databases to identify each device’s known vulnerabilities. Using our research on automated attack graph generation and visualization (A2G2V) and strongly connected component induced min label cut (SCCiMLC), we can map device vulnerabilities to system-level attack graphs and identify the bare minimum of device vulnerabilities to mitigate in order to secure the entire system. The proposed technique has been demonstrated to be beneficial in identifying system components in SCADA and ICS systems to increase their security.

automation & control systems,computer science, cybernetics

Dulip Madurasinghe,Ganesh Kumar Venayagamoorthy

DOI: https://doi.org/10.1109/access.2024.3475011

IF: 3.9

2024-10-19

IEEE Access

Abstract:The complexity of the power system has increased due to recent grid modernization and active distribution systems. As a result, monitoring and controlling modern power systems have become challenging. Dynamic security assessment (DSA) in power systems is a critical operational situational awareness (OpSA) tool for the energy control center (ECC). State-of-the-art (SOTA) DSA has been based on traditional state estimation utilizing the supervisory control and data acquisition (SCADA) / phasor measurement units (PMU) and transmission network topology processing (TNTP) based on SCADA monitoring of relay signals (TNTP-SMRS). Due to the slow data rates of SCADA, these applications cannot efficiently support an online DSA tool. Furthermore, an inaccurate network model based on TNTP-SMRS can lead to erroneous DSA. In this paper, a distributed dynamic security assessment (D-DSA) based on multi-level distributed linear state estimation (D-LSE) and efficient and reliable hierarchical transmission network topology processing utilizing synchrophasor network (H-TNTP-PMU) has been proposed. The tool can be used in real-time operation at the ECC of modern power systems. D-DSA architecture comprises three levels, namely Level 1 - component level security assessment (substations and transmission lines), Level 2 - area level security assessment, and Level 3 - network level security assessment. D-DSA concurrently evaluates all available substations' security in the substation security assessment (SSA) and all available transmission lines' security in the transmission line security assessment (TSA). Under the area security assessment (ASA), all SSA and TSA in each area are separately integrated to assess the area SSI (ASI-SSI) and TSI (ASI-TSI). Subsequently, each area's area-level security index (ASI) is calculated by fusing ASI-SSI and ASI-TSI. At the network level security assessment, network SSI (NSI-SSI) and TSI (NSI-TSI) are estimated by fusing all ASI-SSIs and ASI-TSI, respectively. Network level security index (NSI) is estimated by fusing the NSI-SSI and NSI-TSI in network security assessment (NSA). Typical results of D-DSA are presented for two test systems, the modified two-area four-machine power system model and the IEEE 68 bus power system model. Results indicate that the proposed D-DSA can complete the assessment accurately at the PMU data frame rate, enabling online security assessment regardless of the network size.

computer science, information systems,telecommunications,engineering, electrical & electronic

Anees Ara

DOI: https://doi.org/10.1088/1755-1315/1026/1/012030

2022-07-09

IOP Conference Series: Earth and Environmental Science

Abstract:Industrial control systems (ICS) play a vital role in monitoring and controlling the plants like power grids, oil and gas industries, manufacturing industries, and nuclear power plants. Present research and development in information and communication technologies have changed the domains of industrial control systems from traditional electromagnetic to network- based digital systems. This domain shift has created better interfaces for communication between physical processes and the control units. Eventually, making the complex process of monitoring and controlling the industries easier, with the help of internet connections and computing technologies. The field instruments such as sensors and actuators and the physical processes in industries are controlled and monitored by programmable logic controllers (PLC), remote telemetric units (RTU), and supervisory control and data acquisition systems (SCADA) with the help of communication protocols. The seamless integration of the information technologies (IT) and operational technologies (OT) make the management of the industrial environment foster. However, the inclusion of new technologies that increase the number of internet connections, the new communication protocols, and interfaces that run on open-source software, brings up new threats and challenges in addition to existing vulnerabilities in these classical legacy-based heterogeneous hardware and software systems. Due to the increase in the number of security incidents on critical infrastructures, the security considerations for SCADA systems/ICS are gaining interest among researchers. In this paper, we provide a description of SCADA/ICS components, architecture, and communication protocols. Additionally, we discuss details of existing vulnerabilities in hardware, software, and communication protocols. Further, we highlight some prominent security incidents and their motives behind them. We analyse the existing state of OT and IT security in SCADA systems by classifying the SCADA components among them. Finally, we provide security recommendations based on current trends and also discuss open research problems in SCADA security.

Leandros A. Maglaras,Jianmin Jiang,Tiago J. Cruz

DOI: https://doi.org/10.1016/j.jisa.2016.04.002

IF: 4.96

2016-10-01

Journal of Information Security and Applications

Abstract:Modern Supervisory Control and Data Acquisition (SCADA) systems used by the electric utility industry to monitor and control electric power generation, transmission and distribution are recognized today as critical components of the electric power delivery infrastructure. SCADA systems are large, complex and incorporate increasing numbers of widely distributed components. The presence of a real time intrusion detection mechanism, which can cope with different types of attacks, is of great importance in order to defend a system against cyber attacks. This defense mechanism must be distributed, cheap and above all accurate, since false positive alarms or mistakes regarding the origin of the intrusion mean severe costs for the system. Recently an integrated detection mechanism, namely IT-OCSVM, was proposed, which is distributed in a SCADA network as a part of a distributed intrusion detection system (DIDS), providing accurate data about the origin and the time of an intrusion. In this paper we also analyze the architecture of the integrated detection mechanism and we perform extensive simulations based on real cyber attacks in a small SCADA testbed in order to evaluate the performance of the proposed mechanism.

computer science, information systems

L. Rajesh,Penke Satyanarayana

DOI: https://doi.org/10.1007/s11277-023-10738-0

IF: 2.017

2023-09-21

Wireless Personal Communications

Abstract:Industrial control systems (ICS) like supervisory control and data acquisition (SCADA) systems play a crucial role in monitoring and controlling various process industries in national critical infrastructures. They are connecting to internet and highly inter-connected corporate networks for sharing the field data to third party heterogeneous systems like enterprise resource planning, third party SCADA systems etc. Even though it helps to share the data for monitoring and control of systems, it also opens the doors for cyber-attacks. It needs to strengthen the cyber security of these SCADA systems. There are various components in SCADA systems which requires to build security in these components. Generally, most of the SCADA systems uses MODBUS communication protocol for scanning the PLC devices to acquire the field data. The communication protocol security is one of the main components which was little addressed. The MODBUS protocol was developed without security in mind because security aspect was not a concern in closed environments of industrial control systems. It is highly vulnerable to cyber-attacks. There are some methods already developed by scholars to implement security in MODBUS protocol, but the existing methods modified the MODBUS frame formats. Hence, they are not suitable to the existing legacy systems because they do not support interoperability between various industry manufacturer’s products. Another critical problem in existing methods is all the required security features were not implemented in a single method which would satisfy the security features like integrity, confidentiality, non-repudiation, authorization and authentication. In this paper, we designed and developed a new method by developing Secure Modbus Gateway Server and Client modules to provide secure data transfer between data acquisition servers and PLCs. In this methodology, the modules were developed using RSA and AES algorithms for achieving confidentiality and non-repudiation, SHA algorithm to provide integrity of the message. These modules also support authorization and authentication features. The time stamp in the Modbus frame was also included and transmitted to prevent replay attacks. The advantages of these modules/methodology are, it supports all required features for secure data transfer like integrity, confidentiality, non-repudiation, authorization and authentication. They also provide time stamp, frame filtering and exception response alarm triggering features. These modules also support interoperability and they can be easily installed in existing legacy systems. We measured performance metrics like attack resilience rate (ARP), attack penetration rate (APR) and overheads. This method protects the ICS system for 97% of attacks. The overhead on protocol was also calculated and it is found that 3.5% extra delay in round trip time which is very minor and can be tolerated in exchange of the important security benefits offered.

telecommunications

Sagarika Ghosh,Marzia Zaman,Bernard Plourde,Srinivas Sampalli

DOI: https://doi.org/10.3390/sym14081625

2022-08-08

Symmetry

Abstract:Supervisory Control and Data Acquisition (SCADA) systems are ubiquitous in industrial control processes, such as power grids, water supply systems, traffic control, oil and natural gas mining, space stations and nuclear plants. However, their security faces the threat of being compromised due to the increasing use of open-access networks. Furthermore, one of the research gaps involves the emergence of quantum computing, which has exposed a new type of risk to SCADA systems. Failure to secure SCADA systems can lead to catastrophic consequences. For example, a malicious attack can take control of the power supply to a city, shut down the water supply system, or cause malfunction of a nuclear reactor. The primary purpose of this paper is to identify the new type of attack based on quantum computing and design a novel security scheme to defend against traditional attacks as well as the quantum attack. The methodology of the proposed signcryption is built on the foundation of the classical Bennett and Brassard 1984 (BB84) cryptographic scheme and does not involve computationally expensive third-party validation. The proposed signcryption scheme provides both encryption and intrusion detection. In particular, it detects the man-in-the-middle attack that can lead to other types of attacks. We have simulated the proposed algorithm using the Quantum Information Toolkit in Python. Furthermore, we have validated and analyzed the proposed design through security verification tools, namely, Scyther and PRISM.

multidisciplinary sciences

Akinwale Eso,Omorogiuwa Eseosa

DOI: https://doi.org/10.46610/joares.2022.v08i02.004

2022-07-16

Journal of Alternative and Renewable Energy Sources

Abstract:Pipeline leakage detection, if not addressed swiftly/promptly, could result to loss of lives and properties. Researches have shown that the best means of curbing or drastically minimizing these losses is through real time monitoring using DCS and CAO-SCADA Technology as the management tool. This tool was adopted in this work and then applied to a particular oil and gas terminal in Nigeria. Research questions were generated and data obtained as well as the research instrument used were validated. A total of one hundred and thirty-five respondents were used for the study. From the formulated testing based on z-test, three hypotheses were investigated termed as HO1, HO2 and HO3. HO1 test hypothesis of pipeline failure as a result of leakages along it and if the leakage detection is because there is no DSC, CAO-SCADA management tool along the pipeline. The result obtained showed that z-calculated is less than the critical value of 1.96 with a significant level of 0.05. From the results obtained, the hypothesis HO1 is accepted, thus failure of this pipeline is because the DSO, CAO-SCADA is not present in the system. HO2 testing determined if there exists any difference significantly between the DSC and CAO-SCADA system. From the result, the z-calculated which is 0.0065 is less than the critical value which is 1. This implies that the null hypothesis (HO2) is accepted. Meaning that there is no significant difference between CAO-SCADA and the DCO for the effective management and monitoring and safety operations in the pipeline. The last hypothesis is to test if there exists significant difference between DCS and CAO-SCADA system for effective industrial system control of leakages in pipeline. Out of the 135(100%) respondents, 106(78.52%) agreed with the recommendations made by the researchers while 12.59% partially agreed. 4(5.18%) have a clear understanding and 5(0.0370%) are indifferent about the recommendations made.

Alaa O. Khadidos,Hariprasath Manoharan,Shitharth Selvarajan,Adil O. Khadidos,Khaled H. Alyoubi,Ayman Yafoz

DOI: https://doi.org/10.3390/en15103624

IF: 3.2

2022-05-16

Energies

Abstract:Detecting intrusions from the supervisory control and data acquisition (SCADA) systems is one of the most essential and challenging processes in recent times. Most of the conventional works aim to develop an efficient intrusion detection system (IDS) framework for increasing the security of SCADA against networking attacks. Nonetheless, it faces the problems of complexity in classification, requiring more time for training and testing, as well as increased misprediction results and error outputs. Hence, this research work intends to develop a novel IDS framework by implementing a combination of methodologies, such as clustering, optimization, and classification. The most popular and extensively utilized SCADA attacking datasets are taken for this system's proposed IDS framework implementation and validation. The main contribution of this work is to accurately detect the intrusions from the given SCADA datasets with minimized computational operations and increased accuracy of classification. Additionally the proposed work aims to develop a simple and efficient classification technique for improving the security of SCADA systems. Initially, the dataset preprocessing and clustering processes were performed using the multifacet data clustering model (MDCM) in order to simplify the classification process. Then, the hybrid gradient descent spider monkey optimization (GDSMO) mechanism is implemented for selecting the optimal parameters from the clustered datasets, based on the global best solution. The main purpose of using the optimization methodology is to train the classifier with the optimized features to increase accuracy and reduce processing time. Moreover, the deep sequential long short term memory (DS-LSTM) is employed to identify the intrusions from the clustered datasets with efficient data model training. Finally, the proposed optimization-based classification methodology's performance and results are validated and compared using various evaluation metrics.

energy & fuels