Covert penetrations: Analyzing and defending SCADA systems from stealth and Hijacking attacks
Syed Wali, Yasir Ali Farrukh, Irfan Khan, John A. Hamilton
Computers & Security, volume 156, Article 104449. Published 2025-04-22. Journal Article.
DOI: 10.1016/j.cose.2025.104449
URL: https://www.sciencedirect.com/science/article/pii/S0167404825001385
Impact factor: 4.8. JCR: Q1 (Computer Science, Information Systems).
Citations: 0
Abstract
SCADA (Supervisory Control and Data Acquisition) systems are critical for managing industrial processes, including energy production, manufacturing, and transportation. However, their reliance on protocols such as Modbus, which lack inherent security features, exposes them to sophisticated cyber threats. This paper explores vulnerabilities in the Modbus protocol to design advanced SCADA-specific attack scenarios—SCADA Hijacking and SCADA Blackout. These covert attacks exploit protocol weaknesses to manipulate process parameters or halt operations while evading detection by intrusion detection systems (IDS) and human operators, representing a significant escalation in the sophistication of cyber threats. To counter these threats, we propose a novel machine learning-based defense mechanism that incorporates heterogeneous graph embeddings, combining multimodal network data such as flow-level and packet-level features. The proposed attacks and defense mechanism were rigorously evaluated using precision, recall, F1 score, accuracy and false positive rate as key metrics, demonstrating the stealthiness of the attacks and the robustness of the defense. By exposing critical vulnerabilities and presenting an advanced intrusion detection framework, this research establishes a foundation for strengthening SCADA systems against evolving cyber threats, ensuring the security and reliability of industrial control systems.
About the journal:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.