Probability Risk Identification Based Intrusion Detection System for SCADA Systems
Thomas Marsden, Nour Moustafa, Elena Sitnikova, Gideon Creech

TL;DR
This paper introduces PRI-IDS, a novel intrusion detection system for SCADA networks that analyzes Modbus TCP/IP traffic to effectively identify replay attacks, enhancing cybersecurity for critical infrastructures.
Contribution
The paper presents a new Probability Risk Identification technique for SCADA intrusion detection, specifically targeting Modbus TCP/IP vulnerabilities and demonstrating its effectiveness through simulation.
Findings
Successfully detects replay attacks in SCADA networks
Efficiently analyzes network traffic with high accuracy
Scalable and adaptable to real-world environments
Abstract
As Supervisory Control and Data Acquisition (SCADA) systems control several critical infrastructures, they have connected to the internet. Consequently, SCADA systems face different sophisticated types of cyber adversaries. This paper suggests a Probability Risk Identification based Intrusion Detection System (PRI-IDS) technique based on analysing network traffic of Modbus TCP/IP for identifying replay attacks. It is acknowledged that Modbus TCP is usually vulnerable due to its unauthenticated and unencrypted nature. Our technique is evaluated using a simulation environment by configuring a testbed, which is a custom SCADA network that is cheap, accurate and scalable. The testbed is exploited when testing the IDS by sending individual packets from an attacker located on the same LAN as the Modbus master and slave. The experimental results demonstrated that the proposed technique can…
Taxonomy
Topics: Smart Grid Security and Resilience · Network Security and Intrusion Detection · Advanced Malware Detection Techniques
