Predicting Cyber-Attacks in Industrial SCADA Systems Through The Kalman Filter Implementation
Abstract
In industrial SCADA (Supervisory Control and Data Acquisition) systems, knowing the status of each device allows information to be collected on its behavior. In this way, actions can be deduced, and different strategies can be formed to help reduce cyber risk. In this article of applied research, a model of prediction of possible cyber-attacks in a SCADA system is presented. This prediction is made with a Kalman filter. A Kalman filter processes cyber security events captured through an intrusion detection system (applied in a SCADA simulation system) and generates a future projection of the probability of an attack being carried out. With this information, system administrators will be able to make some decisions about how to act against imminent cyber-attacks. An installation of different technological components was carried out and 3 cyberattacks to the SCADA were executed: (i) possible scans, (ii) theft of information and (iii) command and data overwriting generating Denial of Service or DoS. The security events were detected by an intrusion detection system and sent to a software, setup with Kalman filter features to deliver as output the possible predictions of attacks. As a result, the probability of a successful computer attack can be seen from the entries based on the historical events and the applied filter formulas.
References
A. R. Almanza J., “XIX Encuesta Nacional de Seguridad Informática Evolución del perfil del profesional de seguridad digital.,” Rev, sistemas, no. 151, pp. 12–41, Jun.. 2019. https://doi.org/10.29236/sistemas.n151a3
Instituto Nacional de ciberseguridad (INCIBE), "Las claves de los últimos ataques en sistemas de control industrial,", 2018. Disponible en: https://www.incibe-cert.es/blog/las-claves-los-ultimos-ataques-sistemas-control-industrial
M. Ramirez, E. Miilán y V. Moreno “Herramienta para programar un controlador lógico programable basado en hardware reconfigurable”. RIELAC, Vol.22, Apr. 2011, pp.65 – 77. Disponible en: http://rielac.cujae.edu.cu/index.php/rieac/article/view/83
A. Romero-Acero, A. Marín-Cano, y E. I. Arango-Zuluaga, “Plataformas de Laboratorio de Bajo Costo Basadas en el Protocolo ZigBee,” TecnoLógicas, pp. 411-423, Nov. 2013. https://doi.org/10.22430/22565337.367
M. Annor- y B. Pranggono, “Development of Smart Grid Testbed with Low-Cost Hardware and Software for Cybersecurity Research and Education,” Wirel. Pers. Commun., vol. 101, no. 3, pp. 1357–1377, Apr. 2018. https://doi.org/10.1007/s11277-018-5766-6
E. Carozo Blumsztein y L. Vidal, “Sistemas SCADA, algunas recomendaciones de seguridad – Parte II,” Revista. Seguridad no. 19 Sep. 2013. Disponible en: https://revista.seguridad.unam.mx/printpdf/2190
D. J. Kalbfleisch, “SCADA Technologies and Vulnerabilities” Dec. 2013, pp. 1- 7. Disponible en: http://www.cs.tufts.edu/comp/116/archive/fall2013/dkalbfleisch.pdf
K. Coffey, R. Smith, L. Maglaras, y H. Janicke, “Vulnerability Analysis of Network Scanning on SCADA Systems,” Secur. Commun. Networks, vol. 2018, pp. 1–21, Mar. 2018. https://doi.org/10.1155/2018/3794603
C.-C. Sun, A. Hahn y C.-C. Liu, “Cyber security of a power grid: State-of-the-art,” Int. J. Electr. Power Energy Syst., vol. 99, pp. 45–56, Jul. 2018. https://doi.org/10.1016/j.ijepes.2017.12.020
L. A. Maglaras et al., “Cyber security of critical infrastructures,” ICT Express, vol. 4, no. 1, pp. 42–45, Mar-2018. https://doi.org/10.1016/j.icte.2018.02.001
P. Liu y T. Liu, “Physical Intrusion Detection for Industrial Control System,” en 2018 IEEE Conference on Communications and Network Security (CNS), Beijing, 2018, pp. 1–2. https://doi.org/10.1109/CNS.2018.8433194
A. Warzynski y G. Kolaczek, “Intrusion detection systems vulnerability on adversarial examples,” in 2018 Innovations in Intelligent Systems and Applications (INISTA), Thessaloniki, 2018, pp. 1–4. https://doi.org/10.1109/INISTA.2018.8466271
R. Teja Gaddam y M. Nandhini, "An analysis of various snort based techniques to detect and prevent intrusions in networks proposal with code refactoring snort tool in Kali Linux environment," en 2017 International Conference on Inventive Communication and Computational Technologies (ICICCT), Coimbatore, 2017, pp. 10-15. https://doi.org/10.1109/ICICCT.2017.7975177
R. E. Kalman, “A New Approach to Linear Filtering and Prediction Problems,” J. Basic Eng., vol. 82, no. 82, pp. 35-45, 1960. Disponible en: http://www.unitedthc.com/DSP/Kalman1960.pdf
C. D. Zuluaga-Ríos, M. A. Álvarez-López y A. A. Orozco-Gutiérrez, “A comparison of robust Kalman filtering methods for artifact correction in heart rate variability analysis”, TecnoLógicas, vol. 18, no. 34, pp. 25-35, Jan. 2015. https://doi.org/10.22430/22565337.213
F. Baker y S. Thennadil, “Constrained Kalman Filtering: Improving Fused Information Retention During Constraining,” en 2019 24th International Conference on Methods and Models in Automation and Robotics (MMAR), Międzyzdroje, Poland, 2019, pp. 434-437. https://doi.org/10.1109/MMAR.2019.8864655
Python Software Foundation “Python.org.” Disponible en: https://www.python.org/
Honeynet.org, "CONPOT – Low interaction serverside ICS honeypot," 1990 - 2019 Accessed: 11-Nov-2019. Disponible en: https://www.honeynet.org/projects/active/conpot/
A. Jicha, M. Patton, H. Chen “SCADA honeypots: An in-depth analysis of Conpot.” En 2016 IEEE Conference on Intelligence and Security Informatics (ISI) Tucson. 2016 pp. 196-198. https://doi.org/10.1109/ISI.2016.7745468
MushMush Foundation Revision 1891107c “Welcome to Conpot’s documentation!” — Conpot 0.6.0 documentation.” Disponible en: https://conpot.readthedocs.io/en/latest/index.html
Siemens 2008, “SIMATIC - Manual del sistema de automatización S7-200”. Número de referencia del manual: 6ES7298--8FA24--8DH0. Disponible en: http://www.west-l.com/uploads/tdpdf/s7-200_esp_man.pdf
Cisco, “SNORT Sotfware”, 2019.. Accessed: 11-Aug-2019. Disponible en: https://www.snort.org/documents
Barnyard2, “Bbarnyard2 Configuration.” Disponible en: https://github.com/firnsy/barnyard2
Oracle Corporation, “MySQL Workbench versions 5.6”, 2020. Disponible en: https://www.mysql.com/
S. A. Tovar Balderas Conpot: honeypot de sistemas de control industrial” Revista .seguridad, no 29. Jun. 2017. Disponible en: https://revista.seguridad.unam.mx/numero29/conpot-honeypot-de-sistemas-de-control-industrial
F. A. Alhaidari and E. M. AL-Dahasi, "New Approach to Determine DDoS Attack Patterns on SCADA System Using Machine Learning," en 2019 International Conference on Computer and Information Sciences (ICCIS), Sakaka, Saudi Arabia, 2019, pp. 1-6. https://doi.org/10.1109/ICCISci.2019.8716432
A. E. M. AL-Dahasi y B. N. Abbas Saqib, "Attack tree Model for Potential Attacks Against the SCADA System," en 2019 27th Telecommunications Forum (TELFOR), Belgrade, Serbia, 2019, pp. 1-4. https://doi.org/10.1109/TELFOR48224.2019.8971181
G. MeeraGandhi, “Machine Learning Approach for Attack Prediction and Classification using Supervised Learning Algorithms”. Int. J. Comput. Sci. Commun Vol. 1, no. 2, Jul. 2010, pp. 247-250. Disponible en: http://csjournals.com/IJCSC/PDF1-2/51..pdf
T. Abdelghani, "Industrial control systems (ics) security in power transmission network," en 2019 Algerian Large Electrical Network Conference (CAGRE), Algiers, Algeria, 2019, pp. 1-4. https://doi.org/10.1109/CAGRE.2019.8713289
Downloads
