SCADA Security
eBook - ePub

SCADA Security

Machine Learning Concepts for Intrusion Detection and Prevention

Abdulmohsen Almalawi, Zahir Tari, Adil Fahad, Xun Yi

Book information

Examines the design and use of Intrusion Detection Systems (IDS) to secure Supervisory Control and Data Acquisition (SCADA) systems

Cyber-attacks on SCADA systems—the control system architecture that uses computers, networked data communications, and graphical user interfaces for high-level process supervisory management—can lead to costly financial consequences or even result in loss of life. Minimizing potential risks and responding to malicious actions requires innovative approaches for monitoring SCADA systems and protecting them from targeted attacks. SCADA Security: Machine Learning Concepts for Intrusion Detection and Prevention is designed to help security and networking professionals develop and deploy accurate and effective Intrusion Detection Systems (IDS) for SCADA systems that leverage autonomous machine learning.

Providing expert insights, practical advice, and up-to-date coverage of developments in SCADA security, this authoritative guide presents a new approach for efficient unsupervised IDS driven by SCADA-specific data. Organized into eight in-depth chapters, the text first discusses how traditional IT attacks can also be possible against SCADA, and describes essential SCADA concepts, systems, architectures, and main components. Following chapters introduce various SCADA security frameworks and approaches, including evaluating security with virtualization-based SCADAVT, using SDAD to extract proximity-based detection, finding a global and efficient anomaly threshold with GATUD, and more. This important book:

  • Provides diverse perspectives on establishing an efficient IDS approach that can be implemented in SCADA systems
  • Describes the relationship between main components and three generations of SCADA systems
  • Explains the classification of a SCADA IDS based on its architecture and implementation
  • Surveys the current literature in the field and suggests possible directions for future research

SCADA Security: Machine Learning Concepts for Intrusion Detection and Prevention is a must-read for all SCADA security and networking researchers, engineers, system architects, developers, managers, lecturers, and other SCADA security industry practitioners.

Frequently asked questions
Is SCADA Security available online as a PDF/ePUB?
Yes, you can access SCADA Security by Abdulmohsen Almalawi, Zahir Tari, Adil Fahad, Xun Yi in PDF or ePUB format, as well as other popular books in Biological Sciences and System Theory. We have over a million books available in our catalogue for you to explore.

Information

Publisher: Wiley
Year: 2020
ISBN: 9781119606352
Edition: 1
Category: System Theory

CHAPTER 1
Introduction

The aim of this introductory chapter is to motivate the extensive research work carried out in this book, highlighting the existing solutions and their limitations, and putting in context the innovative work and ideas described in this book.

1.1 Overview

Supervisory Control and Data Acquisition (SCADA) systems have been integrated to control and monitor industrial processes and our daily critical infrastructures such as electric power generation, water distribution and waste water collection systems. This integration adds valuable input to improve the safety of the process and the personnel and to reduce operation costs (Boyer, 2009). However, any disruption to SCADA systems can result in financial disasters or may lead to loss of life in a worst case scenario. Therefore, in the past, such systems were secure by virtue of their isolation and only proprietary hardware and software were used to operate these systems. In other words, these systems were self‐contained and totally isolated from the public network (e.g., the Internet). This isolation created the myth that malicious intrusions and attacks from the outside world were not a big concern and that such attacks were expected to come from the inside. Therefore, when developing SCADA protocols, the security of the information system was given no consideration.
In recent years, SCADA systems have begun to shift away from using proprietary and customized hardware and software to using Commercial‐Off‐The‐Shelf (COTS) solutions. This shift has increased their connectivity to the public networks using standard protocols (e.g., TCP/IP). In addition, there is decreased reliance on a single vendor. Undoubtedly, this increases productivity and profitability but will, however, expose these systems to cyber threats (Oman et al., 2000). According to a survey published by the SANS Institute (Bird and Kim, 2012), only 14% of organizations carry out security reviews of COTS applications that are being used, while over 50% of other organizations do not perform security assessments and rely only on vendor reputation or the legal liability agreements, or they have no policies at all regarding the use of COTS solutions.
The adoption of COTS solutions is a time‐ and cost‐efficient means of building SCADA systems. In addition, COTS‐based devices are intended to operate on traditional Ethernet networks and the TCP/IP stack. This feature allows devices from various vendors to communicate with each other, and also helps to remotely supervise and control critical industrial systems from any place and at any time using the Internet. Moreover, wireless technologies can efficiently be used to provide mobility and local control for multivendor devices at a low cost for installation and maintenance. However, the convergence of state‐of‐the‐art communication technologies exposes SCADA systems to all the inherent vulnerabilities of these technologies. In what follows, we discuss how the potential cyber‐attacks against traditional IT can also be possible against SCADA systems.
  • Denial of Service (DoS) attacks. This is a potential attack on any Internet‐connected device where a large number of spurious packets are sent to a victim in order to consume excessive amounts of endpoint network bandwidth. A packet flooding attack (Houle et al., 2001) is often used as another term for a DoS attack. This type of attack delays or totally prevents the victim from receiving the legitimate packets (Householder et al., 2001). SCADA networking devices that are exposed to the Internet, such as routers, gateways and firewalls, are susceptible to this type of attack. Long et al. (2005) proposed two models of DoS attacks on a SCADA network using reliable simulation. The first model was launched directly against an endpoint (e.g., a controller or a customer‐edge router connecting to the Internet), while the second model is an indirect attack, where the DoS attack is launched on a router (on the Internet) that is located in the path between the plant and the endpoint. In this study, it was found that DoS attacks launched directly (or indirectly) cause excessive packet losses. Consequently, a controller that receives the measurement and control data late, or not at all, from the devices deployed in the field will make a decision based on old data.
  • Propagation of malicious code. Such attacks can occur in various forms such as viruses, Trojan horses, and worms. They are potential threats to SCADA systems that are directly (or indirectly) connected to the Internet. Unlike worms, viruses and Trojans require a human action to be initiated. However, all these threats are highly likely as long as the personnel are connected to the Internet through the corporate network, which is directly connected to the SCADA system, or if they are allowed to plug their personal USB drives into the corporate workstations. A user can, for example, be deceived into downloading a contaminated file that contains a virus or into installing software that appears to be useful. Shamoon (Bronk and Tikk‐Ringas, 2013), Stuxnet (Falliere et al., 2011), Duqu (Bencsáth et al., 2012), and Flame (Munro, 2012) are examples of such threats targeting SCADA systems and the oil and energy sectors.
  • Inside threats. The employees who are disgruntled or intend to divulge valuable information for malicious reasons can pose real threats and risks that should be taken seriously. This is because employees usually have unrestricted access to the SCADA systems and also know the configuration settings of these systems. For instance, the attack on the sewage treatment system in Maroochy Shire, South‐East Queensland (Australia) in 2001 (Slay and Miller, 2007) is an example of an attack that was launched by a disgruntled employee, where the attacker took over the control devices of a SCADA system and caused 800,000 litres of raw sewage to spill out into local parks and rivers.
    Figure 1.1 SCADA vulnerabilities revealed since 2001 in OSVDB (bar chart).
  • Unpatched vulnerabilities. The existence of vulnerabilities is highly expected in any system, and it is well known that attackers exploit unpatched vulnerabilities to obtain access to and control of the targeted system. Even though vendors release patches for identified vulnerabilities immediately, it is challenging to install these patches on SCADA systems that run twenty‐four‐by‐seven. Therefore, such systems will remain vulnerable for weeks or months. As depicted in Figure 1.1, and according to the independent Open Source Vulnerability DataBase (OSVDB) maintained for the security community, vulnerabilities targeting SCADA systems have substantially increased over the past three years since 2011.
  • Nontechnical (social engineering) attacks. This type of attack can bypass state‐of‐the‐art security technologies that cost millions of dollars. In general, the attackers initially try to obtain sensitive information such as the design, operations, or security controls of the targeted SCADA system. There are a number of ways to gather such information. If the network access credentials of ex‐employees are not immediately disabled, they can be revealed to another party for profit or out of a desire for revenge. Alternatively, such critical information can be easily obtained from current employees, either by building a trust relationship with them or by learning some details about a naive employee who is allowed to remotely control and monitor the systems via the Internet. All of this helps the attacker to answer the expected questions when calling the central office, claiming to have forgotten the network access credentials and to need assistance connecting to the field network.
The security concepts that have been extensively used in traditional IT systems (e.g., management, filtering, encryption, and intrusion detection) can be adapted to mitigate the risk of the aforementioned potential threats against SCADA systems. However, these concepts cannot be directly applied without considering the nature of SCADA systems. For instance, the resource constraints of SCADA devices, such as low bandwidth, processing power, and memory, complicate the integration of complex cryptography, especially with legacy devices. All the SCADA protocols were developed without any consideration given to information security and, therefore, they lack authentication and integrity. Two solutions to secure the SCADA communications are: placing the cryptographic technologies at each end of the communication medium (American Gas Association (AGA), 2006; Tsang and Smith, 2008), or directly integrating them into the protocol, such as a secure DNP3 that protects the communication between master stations and outstations such as PLCs, RTUs, and IEDs (Majdalawieh et al., 2006).
Apart from the efforts to authenticate and encrypt SCADA communication links, it remains an open research challenge to secure the tens of SCADA protocols that are in use, or to develop security modules that protect the communication link between two parties. AGA (American Gas Association (AGA), 2006) highlighted the challenges in building such security modules, which can be broadly summarized in two points: (i) the additional latency that a secure protocol can introduce, and (ii) the sophisticated key management system, which requires high bandwidth and additional communication channels that SCADA communication links lack.
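As an added illustration of the first of the two solutions above (a security module at each end of the link, not code from the book or from the AGA report), the following Python wraps an unauthenticated legacy frame with a sequence number and an HMAC tag so the receiving end can reject forged, altered or replayed frames, i.e., it supplies the authentication and integrity the text says SCADA protocols lack. The key, the frame bytes and the function names are constructed for this example; the key-distribution problem AGA raises is assumed solved by pre-sharing, and the per-frame tag is the latency and bandwidth overhead AGA warns about.

```python
import hmac
import hashlib
import struct

# Constructed example: a "bump-in-the-wire" authenticator for a legacy SCADA
# link. Key and frames are made up for the demonstration (assumption).
KEY = b"demo-preshared-key-placeholder"   # assumed pre-shared key, not a real one
TAG_LEN = 16                              # truncated HMAC-SHA256 tag: 16 bytes of overhead per frame


def wrap(frame: bytes, seq: int, key: bytes = KEY) -> bytes:
    """Sender side: prefix a 32-bit sequence number, append a truncated HMAC tag."""
    hdr = struct.pack(">I", seq)
    tag = hmac.new(key, hdr + frame, hashlib.sha256).digest()[:TAG_LEN]
    return hdr + frame + tag


class Verifier:
    """Receiver side: checks the tag and enforces strictly increasing sequence numbers."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = -1

    def unwrap(self, msg: bytes):
        """Return the inner frame, or None if the message is forged, altered or replayed."""
        if len(msg) < 4 + TAG_LEN:
            return None
        hdr, body, tag = msg[:4], msg[4:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.key, hdr + body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # integrity/authentication failure
            return None
        seq = struct.unpack(">I", hdr)[0]
        if seq <= self.last_seq:                     # replay of an old frame
            return None
        self.last_seq = seq
        return body


def demo() -> dict:
    """Run the four cases a practitioner would check: accept, tamper, replay, next frame."""
    # Constructed DNP3-style application frame; the bytes are illustrative only.
    frame = bytes.fromhex("c105 0c01 1701 0341 0100 0000 0000 0000")
    v = Verifier()
    good = wrap(frame, seq=1)
    tampered = good[:6] + bytes([good[6] ^ 0x01]) + good[7:]   # flip one bit of the payload
    return {
        "accepted": v.unwrap(good) == frame,
        "tampered_rejected": v.unwrap(tampered) is None,
        "replay_rejected": v.unwrap(good) is None,
        "next_accepted": v.unwrap(wrap(frame, seq=2)) == frame,
    }
```

A real deployment would also need a resynchronisation rule for lost frames and a key rotation procedure, which is exactly the key management cost the text describes.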
Similarly, the traffic filtering process between a SCADA network and a corporate network using firewalls is a considerable countermeasure to mitigate...
