Structured Defense Model Against DNP3-Based Critical Infrastructure Attacks

IF 2.9, Zone 4, General journal, Q1 Multidisciplinary
Erdal Ozdogan
Citations: 0

Abstract



Critical infrastructures encompass the essential systems required to operate various sectors, including energy, water, communication, finance, health, and transportation. The sophistication and organization of attacks on these infrastructures are escalating. A frequently targeted protocol within these critical infrastructures is the Distributed Network Protocol 3 (DNP3). This study developed a Machine Learning-supported Intrusion Detection System to identify attacks on DNP3 networks. The research utilized a current and balanced dataset containing DNP3 traffic from critical infrastructures. A model incorporating two defense lines, reflecting the structure of the attacks, was proposed. The initial detection of reconnaissance attacks is designed to prevent subsequent attacks. Reconnaissance attacks are identified in the first defense line using Extreme Gradient Boosting. In contrast, attacks on critical infrastructures are classified as the second defense line, with the support of artificial neural networks. In the study’s first phase, the model achieved high accuracy in detecting reconnaissance attacks. In the second phase, the model achieved approximately 99% accuracy in detecting attacks and around 98% average success in classification. The model achieved 96% accuracy in evaluating unknown attack detection capability.

Source journal
Arabian Journal for Science and Engineering (General journal)
CiteScore: 5.20
Self-citation rate: 3.40%
Articles published: 0
Review time: 4.3 months
Journal description: King Fahd University of Petroleum & Minerals (KFUPM) partnered with Springer to publish the Arabian Journal for Science and Engineering (AJSE). AJSE, which has been published by KFUPM since 1975, is a recognized national, regional and international journal that provides a great opportunity for the dissemination of research advances from the Kingdom of Saudi Arabia, MENA and the world.