Mitigating Resource Depletion and Message Sequencing Attacks in SCADA Systems

  • Conference paper
Advanced Information Networking and Applications (AINA 2024)

Abstract

Electric grid networks bring measurement data to a control center for making safety-critical decisions. These messages are sent using application-layer protocols like Modbus and IEC-104, which operate over TCP/IP. Such communications are susceptible to different cyber attacks. Toward safeguarding grids, our contributions in this paper are threefold. First, we study two types of attacks, known as malformed message and message sequencing attacks. In the malformed message attack, an adversary injects a large number of malformed messages and has them sent to the control center to overwhelm it and deplete its computational resources. In the sequencing attack, a series of messages is sent to generate an attack. These messages, if accepted by the control center, can impact the safety of the grid, as they can lead to improper assessment of the grid network state. Second, we describe a method to detect variants of malformed messages using first-order logic statements. Third, we propose a method to filter the messages belonging to malformed and sequencing attacks using the Extended Berkeley Packet Filter. This is realized by implementing logical statements and screening the messages over a window period to show that such filtering is effective and robust against attack variants and intensity.
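As an added illustration (not code from the paper), the userspace C sketch below expresses Modbus/TCP well-formedness as a conjunction of predicates and screens each source over a time window, the two ideas the abstract names. The predicates follow the Modbus/TCP framing rules rather than the paper's own statements; the window length, the malformed-message budget, the drop policy and all identifiers are assumptions, and an in-kernel eBPF version would apply the same bounded checks to packet bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MBAP_LEN 7     /* transaction id(2) protocol id(2) length(2) unit id(1) */
#define MAX_PDU  253   /* largest Modbus PDU */
#define WINDOW_S 10    /* assumed screening window, seconds */
#define MAX_BAD  3     /* assumed malformed-message budget per window */

enum verdict { V_PASS, V_DROP };
struct src_state { uint32_t window_start, bad; };   /* one per source address */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 1 only if every well-formedness predicate holds for the ADU. */
int modbus_well_formed(const uint8_t *adu, size_t n)
{
    if (n < MBAP_LEN + 1) return 0;              /* header plus function code present */
    if (be16(adu + 2) != 0) return 0;            /* protocol id is 0 for Modbus */
    uint16_t len = be16(adu + 4);
    if (len < 2 || len > 1 + MAX_PDU) return 0;  /* unit id + PDU size bounds */
    if ((size_t)len != n - 6) return 0;          /* length field equals bytes that follow it */
    if ((adu[7] & 0x7F) == 0) return 0;          /* function code 0 is invalid (0x80 bit = exception) */
    return 1;
}

/* Drop malformed messages; once a source exceeds its budget, drop all of
 * its messages until the window rolls over (assumed policy). */
enum verdict screen(struct src_state *s, uint32_t now, const uint8_t *adu, size_t n)
{
    if (now - s->window_start >= WINDOW_S) { s->window_start = now; s->bad = 0; }
    if (!modbus_well_formed(adu, n)) { s->bad++; return V_DROP; }
    return s->bad > MAX_BAD ? V_DROP : V_PASS;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t GOOD[]      = {0,1, 0,0, 0,6,    1, 3, 0,0, 0,10};
static const uint8_t BAD_PROTO[] = {0,1, 0,1, 0,6,    1, 3, 0,0, 0,10};
static const uint8_t BAD_LEN[]   = {0,1, 0,0, 0,0x20, 1, 3, 0,0, 0,10};

int main(void)
{
    struct src_state s = {0, 0};
    printf("good=%d bad_proto=%d bad_len=%d\n",
           screen(&s, 0, GOOD, sizeof GOOD),
           screen(&s, 1, BAD_PROTO, sizeof BAD_PROTO),
           screen(&s, 2, BAD_LEN, sizeof BAD_LEN));
    return 0;
}
```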

Acknowledgement

Work reported in this paper is financially supported by funding from IHUB NTIHAC foundation IIT Kanpur through grant number IHUB-NTIHAC/2021/01/24 and also by Science and Engineering Research Board via grant CRG/2022/005198-G. Authors thankfully acknowledge the funding received.

Author information

Corresponding author

Correspondence to Neminath Hubballi.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Hubballi, N., Barsha, N.K. (2024). Mitigating Resource Depletion and Message Sequencing Attacks in SCADA Systems. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2024. Lecture Notes on Data Engineering and Communications Technologies, vol 201. Springer, Cham. https://doi.org/10.1007/978-3-031-57870-0_4
