Title :
A Network Protection Framework for DNP3 over TCP/IP protocol
Author :
Jin Bai ; Hariri, Salim ; Al-Nashif, Youssif
Author_Institution :
NSF Center for Cloud & Autonomic Comput., Univ. of Arizona, Tucson, AZ, USA
Abstract :
The pervasive deployment of intelligent devices in the critical infrastructures sector and the high dependency of these devices on the Internet motivated attackers to target the communication and control protocols of these devices. DNP3 over TCP/IP is among those protocols that are widely used as communication and control protocols in critical infrastructures. Due to the fact that security was not part of the goals for designing DNP3 and the incompetence of current protection systems, an adversary can easily succeed in attacking DNP3 devices and networks. In this paper, we present an Autonomic Network Protection Framework for DNP3 over TCP/IP that detects old attacks that cannot be prevented by the legacy DNP3 security devices as well as new attacks. The system's detection module is based on rule-based anomaly intrusion detection. We evaluated the effectiveness of the generated rules in detecting anomalies through both offline and online testing. Both the false positive and the false negative rates of our approach are quite low. In addition, we present a classification technique and an access control mechanism to provide autonomic network protection.
Keywords :
Internet; authorisation; computer network security; data protection; transport protocols; DNP3 security; Internet; TCP/IP protocol; access control mechanism; attack detection; autonomic network protection framework; classification technique; communication protocol; control protocol; intelligent device deployment; rule-based anomaly intrusion detection; IP networks; Intrusion detection; Monitoring; Protocols; SCADA systems; Training; Anomaly Detection; Autonomic Network Protection; Critical infrastructures; DNP3 over TCP/IP;
Conference_Title :
Computer Systems and Applications (AICCSA), 2014 IEEE/ACS 11th International Conference on
DOI :
10.1109/AICCSA.2014.7073172