A Network Protection Framework for DNP3 over TCP/IP protocol

Jin Bai, Salim A Hariri, Youssif Al-Nashif

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

The pervasive deployment of intelligent devices in the critical infrastructures sector and the high dependency of these devices on the Internet have motivated attackers to target the communication and control protocols of these devices. DNP3 over TCP/IP is among the protocols that are widely used for communication and control in critical infrastructures. Because security was not among the design goals of DNP3 and current protection systems are inadequate, an adversary can easily succeed in attacking DNP3 devices and networks. In this paper, we present an Autonomic Network Protection Framework for DNP3 over TCP/IP that detects old attacks that cannot be prevented by legacy DNP3 security devices, as well as new attacks. The system's detection module is based on rule-based anomaly intrusion detection. We evaluated the effectiveness of the generated rules in detecting anomalies through both offline and online testing. Both the false positive and the false negative rates of our approach are quite low. In addition, we present a classification technique and an access control mechanism to provide autonomic network protection.

Original language: English (US)
Title of host publication: 2014 IEEE/ACS 11th International Conference on Computer Systems and Applications, AICCSA 2014
Publisher: IEEE Computer Society
Pages: 9-15
Number of pages: 7
Volume: 2014
ISBN (Electronic): 9781479971008
DOIs: https://doi.org/10.1109/AICCSA.2014.7073172
State: Published - 2014
Event: 2014 11th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2014 - Doha, Qatar
Duration: Nov 10 2014 to Nov 13 2014

Other

Other: 2014 11th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2014
Country: Qatar
City: Doha
Period: 11/10/14 to 11/13/14

Keywords

  • Anomaly Detection
  • Autonomic Network Protection
  • Critical infrastructures
  • DNP3 over TCP/IP

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Signal Processing
  • Control and Systems Engineering
  • Electrical and Electronic Engineering

  • Cite this

    Bai, J., Hariri, S. A., & Al-Nashif, Y. (2014). A Network Protection Framework for DNP3 over TCP/IP protocol. In 2014 IEEE/ACS 11th International Conference on Computer Systems and Applications, AICCSA 2014 (Vol. 2014, pp. 9-15). [7073172] IEEE Computer Society. https://doi.org/10.1109/AICCSA.2014.7073172