Deep-Learning-Based Network Intrusion Detection for SCADA Systems

Title: Deep-Learning-Based Network Intrusion Detection for SCADA Systems
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Yang, Huan; Cheng, Liang; Chuah, Mooi Choo
Conference Name: 2019 IEEE Conference on Communications and Network Security (CNS)
Keywords: anomaly detection, attacks on DNP3 protocol, compositionality, computer network security, computing nodes, conventional network attacks, conventional SCADA specific network-based attacks, convolutional neural nets, convolutional neural network, Cyber Attack Detection, Deep Learning, deep-learning-based network intrusion detection system, energy-delivery systems, field devices, Human Behavior, ICs, ICS network infrastructure, individual network packets, industrial control, industrial control systems, learning (artificial intelligence), network intrusion detection system, network-based cyber attacks, pubcrawl, realistic SCADA traffic data sets, Resiliency, SCADA network protocols, SCADA system operators, SCADA System Security, SCADA systems, SCADA Systems Security, site-specific network attack, specialized attacks, supervisory control and data acquisition networks, unseen network attack instances

Supervisory Control and Data Acquisition (SCADA) networks are widely deployed in modern industrial control systems (ICSs) such as energy-delivery systems. As an increasing number of field devices and computing nodes get interconnected, network-based cyber attacks have become major cyber threats to ICS network infrastructure. Field devices and computing nodes in ICSs are subjected to both conventional network attacks and specialized attacks purposely crafted for SCADA network protocols. In this paper, we propose a deep-learning-based network intrusion detection system for SCADA networks to protect ICSs from both conventional and SCADA-specific network-based attacks. Instead of relying on hand-crafted features for individual network packets or flows, our proposed approach employs a convolutional neural network (CNN) to characterize salient temporal patterns of SCADA traffic and identify time windows where network attacks are present. In addition, we design a re-training scheme to handle previously unseen network attack instances, enabling SCADA system operators to extend our neural network models with site-specific network attack traces. Our results using realistic SCADA traffic data sets show that the proposed deep-learning-based approach is well-suited for network intrusion detection in SCADA systems, achieving high detection accuracy and providing the capability to handle newly emerged threats.

Citation Key: yang_deep-learning-based_2019