Abstract
• A secure architecture for an IoT-SCADA platform has been proposed for securing SCADA networks from malicious attacks.
• The proposed framework enables large-scale traffic analysis and high-performance detection.
• Two different detection algorithms have been proposed based on ensembles of DBNs and SVMs.
• The proposed attack detection system has been verified using real SCADA network traffic data.
The Internet of Things (IoT) platform is increasingly used in modern industries. Billions of devices with smart sensing capabilities, PLCs, actuators, and intelligent electronic devices (IEDs) of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) networks are connected over the IoT platform. The IoT platform has given modern industries efficient monitoring and control of physical systems (various hardware and machinery), resulting in intelligent data acquisition and processing and in highly productive and profitable management of business. Initially, these devices were deployed without any security concern, on the assumption that they would run in isolated networks. In the new IoT platform scenario, SCADA-based ICS networks are integrated with corporate networks over the internet. Therefore, the devices of a SCADA network face a significant threat of malicious attacks, either through vulnerabilities of the corporate network or through the devices used in the SCADA network. Traditional IT security software products are not enough for ICS, as these products consider only operating-system-related calls and the application program interface (API) behaviour of applications, and are focused only on corporate business solutions and related technologies. In this paper, we propose a secure architecture for ICS networks that includes a detection model based on SCADA network traffic. The proposed architecture develops two ensemble-based detection algorithms using a deep belief network (DBN) and a standard classifier, namely support vector machines (SVM). The novelty of the proposed architecture is that it uses network traffic features and payload features for the detection model instead of conventional signature-based or API-based malware detection techniques. In addition, the ensemble-DBN of the proposed architecture can overcome many limitations of standard techniques, including the complexity and large size of the training data.
The proposed architecture for ICS has been verified using real SCADA network data. Experimental results show that our ensemble-based detection system outperforms existing attack detection engines.