TY - GEN
T1 - A Network Protection Framework for DNP3 over TCP/IP protocol
AU - Bai, Jin
AU - Hariri, Salim
AU - Al-Nashif, Youssif
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2014
Y1 - 2014
AB - The pervasive deployment of intelligent devices in the critical infrastructure sector and the high dependency of these devices on the Internet have motivated attackers to target the communication and control protocols of these devices. DNP3 over TCP/IP is among the protocols widely used for communication and control in critical infrastructures. Because security was not among the design goals of DNP3, and because current protection systems are inadequate, an adversary can easily succeed in attacking DNP3 devices and networks. In this paper, we present an Autonomic Network Protection Framework for DNP3 over TCP/IP that detects both old attacks that cannot be prevented by legacy DNP3 security devices and new attacks. The system's detection module is based on rule-based anomaly intrusion detection. We evaluated the effectiveness of the generated rules in detecting anomalies through both offline and online testing. Both the false positive and false negative rates of our approach are quite low. In addition, we present a classification technique and an access control mechanism to provide autonomic network protection.
KW - Anomaly Detection
KW - Autonomic Network Protection
KW - Critical infrastructures
KW - DNP3 over TCP/IP
UR - http://www.scopus.com/inward/record.url?scp=84988228123&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84988228123&partnerID=8YFLogxK
U2 - 10.1109/AICCSA.2014.7073172
DO - 10.1109/AICCSA.2014.7073172
M3 - Conference contribution
AN - SCOPUS:84988228123
T3 - Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
SP - 9
EP - 15
BT - 2014 IEEE/ACS 11th International Conference on Computer Systems and Applications, AICCSA 2014
PB - IEEE Computer Society
T2 - 2014 11th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2014
Y2 - 10 November 2014 through 13 November 2014
ER -