Design of Intrusion Prevention System for OT Networks Using Deep Neural Networks

Title: Design of Intrusion Prevention System for OT Networks Using Deep Neural Networks
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Rajapkar, A., Binnar, P., Kazi, F.
Conference Name: 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT)
Keywords: Air gaps, automation industries, automation scenarios, behavior-based intrusion prevention system, computer network security, cyber-attacks, data acquisition, data acquisition systems, Deep Neural Network, deep neural networks, deep packet inspection, DNP3, DoS attack, feature extraction, industrial control, Industries, industry control system, insider attacks, integrated circuits, Internet, intrusion prevention system, invasive software, IPS system, Malware, Modbus, network threats, neural nets, Neural networks, operational technology system elements, OT Network, OT networks, Protocols, pubcrawl, Resiliency, SCADA, SCADA systems, SCADA test bed, Scalability, telecommunication security
Abstract

The automation industries that use Supervisory Control and Data Acquisition (SCADA) systems are highly vulnerable to network threats. Systems that are air-gapped and isolated from the internet are highly affected by insider attacks like spoofing, DoS and malware threats that affect the confidentiality, integrity and availability of Operational Technology (OT) system elements and degrade its performance even though security measures are taken. In this paper, a behavior-based intrusion prevention system (IPS) is designed for OT networks. The proposed system is implemented on a SCADA test bed with two systems that replicate automation scenarios in industry. This paper describes 4 main classes of cyber-attacks, with their subclasses, against SCADA systems, and the methodology, with the design of the components of the IPS system, database creation, baselines and deployment of the system in the environment. The IPS system identifies not only IT protocols but also the Industry Control System (ICS) protocols Modbus and DNP3, with their inside communication fields, using deep packet inspection (DPI). The analytical results show 99.89% accuracy on binary classification and 97.95% accuracy on multiclass classification of different attack vectors performed on the network, with a low false positive rate. These results are also validated by actual deployment of the IPS in SCADA systems with the prevention of a DoS attack.

DOI: 10.1109/ICCCNT49239.2020.9225339
Citation Key: rajapkar_design_2020