Ahmed F. Shosha, P. Gladyshev, Shinn-Shyan Wu, Chen-Ching Liu
Title: Detecting cyber intrusions in SCADA networks using multi-agent collaboration
DOI: 10.1109/ISAP.2011.6082170 (https://doi.org/10.1109/ISAP.2011.6082170)
Published in: 2011 16th International Conference on Intelligent System Applications to Power Systems
Publication date: 2011-11-18
Citations: 22
Abstract
Current SCADA (Supervisory Control and Data Acquisition) system architecture increases the interconnectivity to/from other distributed networks and services. In addition, within the SCADA networks there are different types of sub-networks and protocols that are used to monitor and control industrial operations. This complex expansion increases the productivity of SCADA networks; however, it also increases security risks and threats. The state-of-the-art Intrusion Detection Systems (IDSs) are not capable enough of detecting anomalies and intrusions that may be aimed to disrupt the SCADA operations. This paper proposes a Distributed Intrusion Detection System (DIDS) based on a community collaboration between multiple agents of anomaly detectors to identify anomaly behaviors in SCADA networks. The proposed architecture for DIDS incorporates the SCADA network topology and connectivity constraints. In this paper, detailed architecture, components, and functions of DIDS are described and attack scenarios are developed to validate the effectiveness of the proposed methodology.