The increased complexity and interconnectivity of SCADA infrastructure in the power system have exposed it to a multitude of vulnerabilities. There is a growing emphasis on developing an efficient intrusion detection system (IDS) to strengthen the security of the SCADA control system. This research-in-progress paper presents the application of two anomaly-based intrusion detection systems (AbIDS) to detecting a stealthy cyber-attack on the SCADA control system. We applied the IDS tools Snort and Bro in designing the IDS and then compared their performance in terms of detection rate and latency in the alert packets, with the aim of selecting the better IDS for SCADA security. Specifically, a timing-based rule is applied to identify malicious packets based on the high temporal frequency in the network traffic. For the case study, we implemented a SCADA-based protection scheme that performs autonomous protection to mitigate system disturbances. We first implemented a stealthy cyber-attack that compromised the SCADA controller, followed by a data integrity attack on the system generator. Next, we performed an impact analysis during the attack, followed by a performance evaluation of the IDS tools. Our experimental results show that the IDS tools are efficient in detecting cyber-attacks within an acceptable time frame for different sizes of network packets.
V.K. Singh, H. Ebrahem, M. Govindarasu, 2018 North American Power Symposium (NAPS), 9-11 Sept. 2018
KEYWORDS: Intrusion detection, Tools, Malware, Real-time systems, Protocols, SCADA systems, Engines