For Publishers
DiscoveryMetadataPeer reviewHostingPublishing
For Researchers
JoinPublishReviewCollect
Register
Blog
About
Search
Advanced search
My ScienceOpen
Search
For Publishers
For Researchers
Blog
About
3,020
views
22
references
 Top references
cited by
0
    
0 reviews
 Review
0
comments
 Comment
0
recommends
+1 Recommend
1 collections
    8
    shares
      183
      similar
       All similar

      Celebrating 65 years of The Computer Journal - free-to-read perspectives - bcs.org/tcj65

      scite_
       
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      Identifying S7comm Protocol Data Injection Attacks in Cyber-Physical Systems

      proceedings-article
      Author(s): 1 , 1 , 1
      Publication date (Print):
      Conference name: 5th International Symposium for ICS & SCADA Cyber Security Research 2018 (ICS-CSR 2018)
      Conference theme: ICS & SCADA Cyber Security Research
      Conference date: 29 - 30 August 2018
      Keywords: Cyber-Physical System, Anomaly Detection, S7 Communication Protocol
      Bookmark

            Abstract

            Cyber-physical systems are found in production and industrial systems, as well as critical infrastructures which play a crucial role in our society. The integration of standard computing devices and IP-based technology in cyber-physical systems increases the threat of cyber-attacks. Furthermore, traditional intrusion defense strategies are often not applicable in industrial environments. This paper focuses on the widely used Siemens S7 communication protocol and presents an approach to detect anomalies in network packets by training a model with neural networks and applying the model on current network traffic. In order to stay close to practice we built an experimental setup with industry controllers, sensors and actuators. To check the applicability of the model we launched supervised S7 protocol attacks against the setup. The results show that this approach can detect anomalous network packets with satisfactory accuracy.

            Content

            Author and article information

            Contributors
            Oliver Eigner: URI : www.fhstp.ac.at
            Philipp Kreimel: URI : www.fhstp.ac.at
            Paul Tavolato: URI : www.fhstp.ac.at
            Conference
            Publication date: August 2018
            Publication date (Print): August 2018
            Pages: 51-56
            Affiliations
            [1 ]University of Applied Sciences, St. Pölten, Institute of IT Security Research, St. Pölten, Austria
            Article
            DOI: 10.14236/ewic/ICS2018.6
            SO-VID: 6e584c4f-762e-4d6b-a4ac-9fac9938c62a
            Copyright © © Eigner et al. Published by BCS Learning and Development Ltd. Proceedings of ICS & SCADA 2018
            License:

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            Conference name: 5th International Symposium for ICS & SCADA Cyber Security Research 2018
            Conference acronym: ICS-CSR 2018
            Conference number: 5
            Conference location: University of Hamburg, Germany
            Conference date: 29 - 30 August 2018
            Conference sponsor: Electronic Workshops in Computing (eWiC)
            Conference theme: ICS & SCADA Cyber Security Research
            History
            Product

            1477-9358 BCS Learning & Development

            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/ICS2018.6
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Series title: Electronic Workshops in Computing

            ScienceOpen disciplines: Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction
            Keywords: Anomaly Detection,Cyber-Physical System,S7 Communication Protocol

            REFERENCES

            1. “Cyberphysical systems: Chancen und Nutzen aus Sicht der Automation” VDI/VDE-Gesellschaft Mess-und Automatisierungstechnik 2013

            2. “W32. stuxnet dossier” White paper, Symantec Corp., Security Response 5 2011

            3. “Analysis of the cyber attack on the ukrainian power grid” Electricity Information Sharing and Analysis Center (E-ISAC) 2016

            4. “Out of control: Ransomware for industrial control systems” 2017

            5. Electrical Engineering Blog “The top most used plc systems around the world.” http://engineering.electricalequipment.org/electrical-distribution/the-topmost-used-plc-systems-around-the-world.html May 2013

            6. “Exploiting siemens simatic s7 plcs” Black Hat USA 16 2 723 733 2011

            7. “Accurate modeling of the Siemens S7 scada protocol for intrusion detection and digital forensics” Journal of Digital Forensics, Security and Law 9 2 4 2014

            8. “A first look into scada network traffic” 2012 IEEE Network Operations and Management Symposium 518 521 April 2012

            9. “Stuxnet, the real start of cyber warfare?. [editor’s note]” IEEE Network 24 2 3 November 2010

            10. “Intrusion detection in scada systems by traffic periodicity and telemetry analysis” 2016 IEEE Symposium on Computers and Communication (ISCC) 318 325 IEEE June 2016

            11. “A modbus traffic generator for evaluating the security of scada systems” 2014 9th International Symposium on Communication Systems, Networks Digital Sign (CSNDSP) 809 814 July 2014

            12. “A framework for improving the accuracy of unsupervised intrusion detection for scada systems” 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications 292 301 July 2013

            13. “A review of scada anomaly detection systems” Soft Computing Models in Industrial and Environmental Applications, 6th International Conference SOCO 2011 357 366 Springer 2011

            14. “Network traffic features for anomaly detection in specific industrial control system network” Future Internet 5 4 460 473 2013

            15. Industrial Control System Fingerprinting and Anomaly Detection 73 85 Cham Springer International Publishing 2015

            16. “Using modelbased intrusion detection for scada networks” Proceedings of the SCADA Security Scientific Symposium Miami Beach, Florida Jan. 2007

            17. “Passive Fingerprinting of SCADA in Critical Infrastructure Network without Deep Packet Inspection” ArXiv e-prints Aug. 2016

            18. “Detection of man-in-the-middle attacks on industrial control networks” 2016 International Conference on Software Security and Assurance (ICSSA) 64 69 Aug 2016

            19. “Anomaly-based detection and classification of attacks in cyber-physical systems” Proceedings of the 12th International Conference on Availability, Reliability and Security, ARES ’17 New York, NY, USA 40:1 40:6 ACM 2017

            Comments

            Comment on this article