Professional Documents
Culture Documents
Abstract: Cyber security has become high priority in an indiscriminate mode, and matches the activity that is
Industrial Automation (IA). Here dependable operation is to passed on the subnets to the library of known assaults.
ensure the security, stability and reliability in power delivery When the assault is recognized, or strange conduct is
system. Anonymity progress can be easily removed by using
sensed, the alarm can be sent to the manager.
the Intrusion Detection System (IDS) framework. In this paper
Supervisory Control and Data Acquisition (SCADA)-IDS with Case of the NIDS would be introducing it on the subnet
protocol based and behavior based analysis is proposed and where firewalls are placed to check whether somebody is
exemplified in order to detect known and unknown cyber- attempting to break into the firewall. Conceivably one
attacks from inside or outside SCADA systems. This would filter all inbound and outbound movement, however
framework provides a hierarchical approach for an integrated doing so may make a bottleneck that would hinder the
security system, comprising distributed IDSs to prevent the general pace of the system. An IDS which is abnormality
anomalous attacks due to access control process. In this article
based have screen system movement and measure up it
we have compare three methods viz access control, protocol
base and behavior based whitelist technique. In behavior against a secured gauge. The gauge recognize what is
based there are two techniques used viz length detector and "ordinary" for that system what kind of transfer speed is by
digital signature. However, for research in the community to and large utilized, what conventions are utilized, what ports
progress, such a dataset would be valuable. The proposed and gadgets for the most part associate with one another
system creates new datasets to mitigate vulnerable attacks and alarm the manager or client when activity is caught
from cyber-crime side to save the higher level records and which is irregular, or fundamentally distinctive, than the
system. The simulation result shows that behavior based pattern. The supervisory framework may be joined with an
method outperforms the other two methods with respect to
information obtaining framework by including the
time efficiency and accuracy.
utilization of coded flag over correspondence channels to
Keywords: Cyber security; intrusion detection; smart grid; secure data about the status of the remote gear for showcase
supervisory control and data acquisition (SCADA); digital or for recording capacities. It is a type of industrial control
signature technique system (ICS).
Current security countermeasures in SCADA
I. INTRODUCTION (supervisory control and data acquisition) frameworks
Securing the advanced substation environment is simply predominantly concentrate on ensuring frameworks from
piece of a more extensive and significant exertion that is outer interruptions or vindictive assaults. For instance,
obliged to guarantee the safe operation of cutting edge approaching movement to substations, control focuses, and
power frameworks. There are system based (NIDS) [1] and corporate systems investigated by business firewalls or IDS.
host based (HIDS) interruption recognition frameworks. A Nonetheless, this security approach just considers edge
few frameworks may to stop an interruption, yet this is not safeguards and overlooks inner part location inside a
obliged or expected of a checking framework. Interruption substation system or a control focus. For example, an
identification and aversion frameworks (IDPS) are basically architect can enter a substation and associate his or her
centered on distinguishing conceivable episodes, logging smart phone to the local area network (LAN). A purposeful
data about them, and reporting activities. Likewise, or unintended assault by means of a contaminated smart
associations use IPsec for different purposes, for example, phone now has an enhanced shot of achievement in light of
distinguishing issues with security arrangements, archiving the fact that edge resistances have been avoided. In practice
existing dangers and preventing people from damaging and in most detrimental possibility situations, the greater
security approaches. System interruption recognition part of the digital holdings in SCADA frameworks should
frameworks NIDS [1] are set at a vital point or indicates be viewed as defenseless. Be that as it may, we unable to
inside the system screen activity to and from all gadgets on demand that all cyber assets meet the most noteworthy
the system. It performs an investigation for a passing security necessities because of budgetary cost, time and
movement on the whole subnet, lives up to expectations in framework requirements.
www.ijcsit.com 3778
Ashish K. Uplenchwar et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 6 (4) , 2015, 3778-3783
Industrial control frameworks are machine based neighborhood area networks (NANs), and wide area
frameworks that screen and control modern methodologies networks (WANs), where they had used the support vector
that exist in the physical world. Current security machine (SVM) and artificial immune system (AIS) to
countermeasures in SCADA [2] frameworks mainly detect and classify malicious data and possible cyber-
concentrate on securing frameworks from outside attacks [3].
interruptions or malicious attacks. Case in point, A methodology for the discovery of digital attacks are
approaching activity to substations, control focuses, and against mechanical establishments. The key components of
corporate systems reviewed by business firewalls or IDS. this strategy are the idea of Critical State, and the
On the other hand, this security approach just considers presumption that an attacker going for harming a
border resistances and disregards inside identification inside mechanical establishment (like a Power Plant) and have to
a substation system or a control focus. There-fore, an alter for accomplishing that come about the state of the
architect can enter a substation and join his or her portable framework from protected to basic selective state approval,
computer to the LAN. With the application of IT scarcely material in conventional ICT frameworks, thinks
innovations, new digital vulnerabilities develop in keen that its regular application in the mechanical control field,
lattices and comparative basic bases. These vulnerabilities where the basic states are by and large well-known and
could be misused, not just from outside sources, for restricted in number. Since the discovery is focused around
example, terrorists, programmers, contenders, or the investigation of the framework development, and not on
mechanical surveillance, additionally from inside dangers, the dissection of the attack advancement the IDS for known
for example, ex-workers, displeased representatives, selective states, can distinguish likewise "zero day attacks"
outsider merchants, or site engineers. Security for protecting [4]. The paper has proposed multi-dimensional metric
the entire smart-grid techno-logical environment requires giving a parametric measure of the separation between a
the consideration of many subsystems that make up the given state and the set of selective states. This metric can be
smart grid, for example, wide-area monitoring protection utilized for following the development of a framework,
and control (WAMPAC), distribution-management system showing its nearness to the set of predefined selective states
(DMS), advanced metering infrastructure (AMI), and higher [4].
level communication architectures at the grid system level.
The scope of this paper is to focus on one important sub-
system level of the smart grid environment, specifically
cyber-security for digital substations.
www.ijcsit.com 3779
Ashish K. Uplenchwar et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 6 (4) , 2015, 3778-3783
3. BBR (Behavior Based Rule): In this method two Fig.2 Proposed System Architecture
techniques are used
Digital signature generation: In this method if one
operator wants to send any message to another
operator which is confidential then for security
Input
purpose digital signature method generate keys and
signature and sends encrypted data towards receiver.
S D
At the receiver end signature will be checked and if
it does not match then it is suspicious packet and AWC
stored into the log file.
Length detector: This method checks the actual PBW
payload and length of input packet if it is greater
BBR
than payload then packet is suspicious and will be
stored into the log file. DS
When attack found at that time IDS will generate alarm
to know about attack detection. In this way whole DP
architecture work and we found the packets are suspicious
attack or not. Output
Fig 3. Processes in Detection of Intrusion attacks.
IV. PROPOSED ALGORITHM
Let S be the proposed system which we use to find the As we can see in Fig 3.
attack detection system through ACW, PBW, BBR and S = {D, ACW, PBW, BBW, DP}
digital signature generation. They equip our detection Where, S=
system with capabilities of accurate characterization for System.
traffic behaviors and detection of known and unknown D= Dataset.
attacks respectively. A digital signature technique is ACW = Access Control Whitelist.
developed to enhance and to speed up the process of PBW = Protocol Based Whitelist.
SCADA. BBW =Behaviour Based Whitelist.
DG= Digital Signature Generation.
www.ijcsit.com 3780
Ashish K. Uplenchwar et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 6 (4) , 2015, 3778-3783
www.ijcsit.com 3781
Ashish K. Uplenchwar et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 6 (4) , 2015, 3778-3783
Precision and recall are then defined as: 700 records. The parameters like accuracy, time required
for execution and precision has been taken into
considerations in simulating these algorithms performance.
For evaluating the performance of whitelists-based (wb),
protocol-based (pb), behavior based (bb) and digital
signature (ds). We have taken the dataset of 150,400 and
700 records .The parameters like accuracy, time required
for execution and precision has been taken into
considerations in simulating these algorithms performance.
As shown in above graphs, Precision of protocol and
accuracy of digital signature base shows better result with
respect to other techniques for the dataset 700 records and
as shown in time graph digital signature requires less time
to communicate for a dataset 150 records.
VI. CONCLUSION
REFERENCES
[1] A.A.Ghorbani, W.Lu, and M.Tavallaee, Network Intrusion Detection
and Prevention: Concepts and Techniques. 2010, pp. 120.
[2] Y. Yang, K. McLaughlin, S. Sezer, ,T. Littler, E. G. Im, B.
Pranggono, and H. F. Wang, Multiattribute SCADA-Specific
Intrusion Detection System for Power Networks IEEE
TRANSACTIONS ON POWER DELIVERY, VOL. 29, NO. 3,
JUNE 2014, pp. 1092-1102
[3] Upeka Kanchana Premaratne, Jagath Samarabandu ,An Intrusion
Detection System for IEC61850 Automated IEEE
TRANSACTIONS ON POWER DELIVERY, VOL. 25, NO. 4,
OCTOBER 2010,pp2376-2383
[4] A.Carcano,A. Coletta,M.Guglielmi,M. Masera A
Multidimensional Critical State Analysis for Detecting Intrusions
Fig 5. Accuracy Graph. in SCADA Systems IEEE TRANSACTIONS ON INDUSTRIAL
INFORMATICS, VOL. 7, NO. 2, MAY 2011 ppt 179-186.
[5] T. Morris, R. Vaughn, and Y. Dandass, A retrofit network intrusion
detection system for MODBUSRTU and ASCII industrial control
systems,inProc.,2012,pp.23382345
[6] Z. Trabelsi and K. Shuaib, Man in the middle intrusion detection,
in Proc. IEEE Global Telecommun. Conf., 2006, pp. 16.
[7] E. D. Knapp, Industrial Network Security: Securing Critical Infra-
structure Networks for Smart Grid, SCADA, and Other Industrial
Control Systems. 2011, pp. 6061.
[8] J. Hurley, A. Munoz, and S. Sezer, ITACA: Flexible, scalable net-
work analysis, in 2012, pp. 10841088.
[9] IBM, IBM security QRadar SIEM, Somers, NY, USA, Tech.
rep.WGD03021-USEN-00, Jan. 2013.
[10] Z. Yichi, W. Lingfeng, S. Weiqing, R. C. Green, and M. Alam,
Distributed intrusion detection system in a multi-layer network
architecture of smartgrids, vol.2,no.4,pp.796808, Dec. 2011.
[11] M. Crosbie and G. Spafford, Applying genetic programming to
Fig 6. Time graph ntrusion detection, presented at the AAAI Fall Symp. Series, AAAI
Press, MenloPark, CA, Tech. Rep. FS-95-01, 1995
[12] W. Lu and I. Traore, Detecting new forms of network intrusion
For evaluating the performance of whitelists-based (wb), using genetic programming,Comput. Intell., vol. 20, no. 3, pp. 474
protocol-based (pb), behavior based (bb) and digital 494,2004.
signature (ds). We have taken the dataset of 150,400 and
www.ijcsit.com 3782
Ashish K. Uplenchwar et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 6 (4) , 2015, 3778-3783
AUTHORS
Mr. Ashish K. Uplenchwar is a P. G. Scholar in the Computer
Engineering Department, G. H. Raisoni College of Engineering and
Management, Wagholi, Pune. He has received Bachelor of Technology
degree (BTech) in Computer Science and Engineering in 2012 from MIT,
Aurangabad, India. His research interests are Wireless Networks,
Computer Networks, Database management etc.
www.ijcsit.com 3783