Conference Paper

On SCADA Control System Command and Response Injection and Intrusion Detection

Wei Gao, Thomas Morris, Bradley Reaves, and Drew Richey

IEEE eCrime Researchers Summit, 2010

Develops a neural network IDS that detects command and response injection attacks on SCADA systems by monitoring physical process behavior.

Abstract

SCADA systems are widely used in critical infrastructure sectors, including electricity generation and distribution, oil and gas production and distribution, and water treatment and distribution. SCADA process control systems are typically isolated from the internet via firewalls. However, they may still be subject to illicit cyber penetrations and may be subject to cyber threats from disgruntled insiders. We have developed a set of command injection, data injection, and denial of service attacks which leverage the lack of authentication in many common control system communication protocols including MODBUS, DNP3, and EtherNET/IP. We used these exploits to aid in development of a neural network based intrusion detection system which monitors control system physical behavior to detect artifacts of command and response injection attacks. Finally, we present intrusion detection accuracy results for our neural network based IDS which includes input features derived from physical properties of the control system.

control systems running normally to develop and validate a neural network based intrusion detection system which leverages knowledge of the physical properties of the controlled system to detect false command and false response injection attacks. National Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) Standards 002-3 through 009-3 [2] require utilities and other responsible entities to place critical cyber assets within an electronic security perimeter. The electronic security perimeters must be subjected to vulnerability analyses, use access control technologies, and include systems to monitor and log the electronic security perimeter access. The Federal Energy Regulatory Commission (FERC) requires responsible entities involved in bulk electricity transmission to adhere to the NERC CIP 002-3 through 009-3 standards. No such regulation exists for the

Citation (IEEE)

W. Gao, T. Morris, B. Reaves, and D. Richey, “On SCADA Control System Command and Response Injection and Intrusion Detection,” in IEEE eCrime Researchers Summit, 2010.

BibTeX
@inproceedings{gmrr10,
  author = {Gao, Wei and Morris, Thomas and {Bradley Reaves} and Richey, Drew},
  booktitle = {{IEEE} {eCrime} Researchers Summit},
  date = {2010-10},
  doi = {10.1109/ecrime.2010.5706699},
  title = {On {SCADA} Control System Command and Response Injection and Intrusion Detection},
}