IEEE Access (Jan 2020)
Cyber-Physical Integrated Intrusion Detection Scheme in SCADA System of Process Manufacturing Industry
Abstract
Most Intrusion Detection Systems (IDS) used in Supervisory Control and Data Acquisition (SCADA) systems today focus on the cyber field and ignore the process states in the physical field of the plant. Attacks aimed at protocol traffic can be detected, but attacks aimed at the processes, such as Man-in-the-Middle (MITM) attacks and replay attacks, are difficult to detect. We propose a scheme that works in both the cyber and the physical field to detect these attacks. Validation of process states is used to detect malicious behaviors and to prevent damage to physical components that can be caused by MITM, replay, and zero-day attacks. A nonparallel hyperplane based fuzzy classifier is presented to classify branching-shaped data sets, which are difficult to classify with the two parallel hyperplanes of a Support Vector Machine (SVM), in order to detect DoS (SYN flood) and other attacks in the cyber field. Modbus/TCP traffic data are used to test the algorithm, and simulated process states are used to test the validation part; the performance of this hybrid scheme is excellent.
Keywords