
      Identifying S7comm Protocol Data Injection Attacks in Cyber-Physical Systems

      5th International Symposium for ICS & SCADA Cyber Security Research 2018 (ICS-CSR 2018)
      ICS & SCADA Cyber Security Research
      29 - 30 August 2018
      Cyber-Physical System, Anomaly Detection, S7 Communication Protocol


            Cyber-physical systems are found in production and industrial systems, as well as in critical infrastructures, which play a crucial role in our society. The integration of standard computing devices and IP-based technology in cyber-physical systems increases the threat of cyber-attacks. Furthermore, traditional intrusion defense strategies are often not applicable in industrial environments. This paper focuses on the widely used Siemens S7 communication protocol and presents an approach to detect anomalies in network packets by training a model with neural networks and applying the model to current network traffic. To stay close to practice, we built an experimental setup with industry controllers, sensors and actuators. To check the applicability of the model, we launched supervised S7 protocol attacks against the setup. The results show that this approach can detect anomalous network packets with satisfactory accuracy.


            Author and article information

            URI : www.fhstp.ac.at
            August 2018
            Pages: 51-56
            [1 ]University of Applied Sciences, St. Pölten, Institute of IT Security Research, St. Pölten, Austria
            © Eigner et al. Published by BCS Learning and Development Ltd. Proceedings of ICS & SCADA 2018

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            University of Hamburg, Germany
            Electronic Workshops in Computing (eWiC)
            Product Information: 1477-9358, BCS Learning & Development
            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/ICS2018.6
            Self URI (journal page): https://ewic.bcs.org/

            Applied computer science, Computer science, Security & Cryptology, Graphics & Multimedia design, General computer science, Human-computer-interaction

