Title :
Stateful intrusion detection for IEC 60870-5-104 SCADA security
Author :
Yang, Yi ; McLaughlin, Keiran ; Sezer, Sakir ; Yuan, Y.B. ; Huang, Wei
Author_Institution :
Jiangsu Electr. Power Co. Res. Inst., Nanjing, China
Abstract :
Cyber threats in Supervisory Control and Data Acquisition (SCADA) systems have the potential to render physical damage and jeopardize power system operation, safety and stability. SCADA systems were originally designed with little consideration of escalating cyber threats and hence the problem of how to develop robust intrusion detection technologies to tailor the requirements of SCADA is an emerging topic and a big challenge. This paper proposes a stateful Intrusion Detection System (IDS) using a Deep Packet Inspection (DPI) method to improve the cyber-security of SCADA systems using the IEC 60870-5-104 protocol which is tailored for basic telecontrol communications. The proposed stateful protocol analysis approach is presented that is designed specifically for the IEC 60870-5-104 protocol. Finally, the novel intrusion detection approach are implemented and validated.
Keywords :
SCADA systems; power system security; power system stability; security of data; telecontrol; DPI method; IDS; IEC 60870-5-104 protocol; SCADA security; cyber threats; cyber-security; deep packet inspection method; power system operation; power system safety; power system stability; stateful intrusion detection system; supervisory control and data acquisition systems; telecontrol communications; IEC standards; Intrusion detection; NIST; Protocols; SCADA systems; Servers; Cyber-security; IEC 60870-5-104; Intrusion detection; SCADA;
Conference_Titel :
PES General Meeting | Conference & Exposition, 2014 IEEE
Conference_Location :
National Harbor, MD
DOI :
10.1109/PESGM.2014.6939218
