A Network Protection Framework for DNP3 over TCP/IP protocol

Jin Bai, Salim A Hariri, Youssif Al-Nashif

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

The pervasive deployment of intelligent devices in the critical infrastructure sector and the high dependency of these devices on the Internet have motivated attackers to target the communication and control protocols of these devices. DNP3 over TCP/IP is among the protocols widely used for communication and control in critical infrastructures. Because security was not among the design goals of DNP3, and because current protection systems are inadequate, an adversary can easily succeed in attacking DNP3 devices and networks. In this paper, we present an Autonomic Network Protection Framework for DNP3 over TCP/IP that detects both old attacks that cannot be prevented by legacy DNP3 security devices and new attacks. The system's detection module is based on rule-based anomaly intrusion detection. We evaluated the effectiveness of the generated rules in detecting anomalies through both offline and online testing. Both the false positive and the false negative rates of our approach are quite low. In addition, we present a classification technique and an access control mechanism to provide autonomic network protection.

Original language: English (US)
Title of host publication: 2014 IEEE/ACS 11th International Conference on Computer Systems and Applications, AICCSA 2014
Publisher: IEEE Computer Society
Pages: 9-15
Number of pages: 7
Volume: 2014
ISBN (Electronic): 9781479971008
DOI: 10.1109/AICCSA.2014.7073172
State: Published - 2014
Event: 2014 11th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2014 - Doha, Qatar
Duration: Nov 10 2014 to Nov 13 2014


Fingerprint

Critical infrastructures
Network protocols
Communication
Intrusion detection
Access control
Internet
Testing

Keywords

  • Anomaly Detection
  • Autonomic Network Protection
  • Critical infrastructures
  • DNP3 over TCP/IP

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Signal Processing
  • Control and Systems Engineering
  • Electrical and Electronic Engineering

Cite this

Bai, J., Hariri, S. A., & Al-Nashif, Y. (2014). A Network Protection Framework for DNP3 over TCP/IP protocol. In 2014 IEEE/ACS 11th International Conference on Computer Systems and Applications, AICCSA 2014 (Vol. 2014, pp. 9-15). [7073172] IEEE Computer Society. https://doi.org/10.1109/AICCSA.2014.7073172

@inproceedings{2b634009470b4d14b0550596888dbff8,
title = "A Network Protection Framework for DNP3 over TCP/IP protocol",
abstract = "The pervasive deployment of intelligent devices in the critical infrastructure sector and the high dependency of these devices on the Internet have motivated attackers to target the communication and control protocols of these devices. DNP3 over TCP/IP is among the protocols widely used for communication and control in critical infrastructures. Because security was not among the design goals of DNP3, and because current protection systems are inadequate, an adversary can easily succeed in attacking DNP3 devices and networks. In this paper, we present an Autonomic Network Protection Framework for DNP3 over TCP/IP that detects both old attacks that cannot be prevented by legacy DNP3 security devices and new attacks. The system's detection module is based on rule-based anomaly intrusion detection. We evaluated the effectiveness of the generated rules in detecting anomalies through both offline and online testing. Both the false positive and the false negative rates of our approach are quite low. In addition, we present a classification technique and an access control mechanism to provide autonomic network protection.",
keywords = "Anomaly Detection, Autonomic Network Protection, Critical infrastructures, DNP3 over TCP/IP",
author = "Jin Bai and Hariri, {Salim A} and Youssif Al-Nashif",
year = "2014",
doi = "10.1109/AICCSA.2014.7073172",
language = "English (US)",
volume = "2014",
pages = "9--15",
booktitle = "2014 IEEE/ACS 11th International Conference on Computer Systems and Applications, AICCSA 2014",
publisher = "IEEE Computer Society",
}
