A Multi-Model Proposal for Classification and Detection of DDoS Attacks on SCADA Systems
Main Authors: | Esra Söğüt, O. Ayhan Erdem |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG, 2023-05-01 |
Series: | Applied Sciences |
Subjects: | critical infrastructure; SCADA; cybersecurity; DDoS; deep learning; testbed |
Online Access: | https://www.mdpi.com/2076-3417/13/10/5993 |
author | Esra Söğüt O. Ayhan Erdem |
collection | DOAJ |
description | Industrial automation and control systems have gained increasing attention in the literature recently. Their integration with other systems has driven considerable developments in critical infrastructure. Because these systems run on different network structures, they need to communicate with each other, work in an integrated manner, be controlled, and allow effective intervention when necessary. Supervisory Control and Data Acquisition (SCADA) systems are mostly used to achieve these aims. SCADA systems, which control and monitor the connected systems, have become a target for cyber attackers. They are exposed to attack because of their openness to external networks, their remote controllability, and cyber vulnerabilities specific to the SCADA architecture. Protecting SCADA systems in critical infrastructure against cyberattacks is an important issue that concerns governments in many respects, such as economics, politics, transport, communication, health, security, and reliability. In this study, we physically built a scaled-down version of a real water plant as a testbed environment that includes a SCADA system. To disrupt the functioning of the SCADA system in this environment, five attack scenarios were designed using different DDoS attacks: TCP, UDP, SYN, IP-spoofing, and ICMP flooding. Additionally, we evaluated a scenario with the baseline behavior of the SCADA system that contains no attack. During the implementation of the scenarios, the SCADA system network was monitored, and the network data flow was collected and recorded. CNN models, LSTM models, hybrid deep learning models that combine CNN and LSTM, and traditional machine learning models were applied to the collected data. The test results on the various DDoS attacks showed that the hybrid model and the decision tree model are the most suitable for such environments, reaching the highest test accuracies of 95% and 99%, respectively. Moreover, we tested the hybrid model on a dataset commonly used in the literature, which resulted in 98% accuracy. Thus, it is suggested that the security of SCADA systems can be effectively improved, and we showed that the proposed models have the potential to work in harmony on real field systems. |
id | doaj.art-75cf63a89552401ba1ee4dd877e6b185 |
issn | 2076-3417 |
affiliation | Esra Söğüt, O. Ayhan Erdem: Department of Computer Engineering, Faculty of Technology, Gazi University, Ankara 06560, Turkey |
doi | 10.3390/app13105993 |
citation | Applied Sciences 13(10), 5993, 2023-05-01, MDPI AG |
topic | critical infrastructure SCADA cybersecurity DDoS deep learning testbed |
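The pipeline the abstract describes (capture network flow during a no-attack baseline and during each flood scenario, derive features from it, then classify) in miniature, as an added example that is not the paper's code, data or models. Packet records are constructed inline to mimic the six scenarios; the features are per-second packet rate, protocol mix, SYN share and the Shannon entropy of source addresses; and a hand-written rule set stands in for the CNN, LSTM, hybrid and decision-tree models. The window length, flood rate, addresses, thresholds and the protocol used in the IP-spoofing scenario are all assumptions. It reaches 100% window accuracy on its own synthetic traffic, which is exactly the caveat behind the paper's cross-dataset check: accuracy on a testbed whose attacks were generated by the same tooling says little about transfer to field traffic.

```python
"""Windowed flow features and a rule classifier for the six SCADA traffic
scenarios in the abstract (baseline, TCP, UDP, SYN, IP-spoofed and ICMP
flooding). Added illustration; not the paper's code or data."""
import math
import random
from collections import Counter, defaultdict

WINDOW = 1.0                          # seconds per feature window (assumption)
HMI, PLC = "10.0.0.10", "10.0.0.20"   # constructed testbed addresses


def synth_scenario(kind, seconds=10, seed=1):
    """Constructed packet records (t, src, dst, proto, tcp_flags). Baseline is
    one HMI polling one PLC at 20 packets/s on an established TCP session;
    floods add 2000 packets/s. The spoofing scenario is modelled as a SYN
    flood from random sources (an assumption; the abstract gives no protocol)."""
    rng = random.Random(seed)
    pkts = []
    for s in range(seconds):
        for i in range(20):
            pkts.append((s + i / 20, HMI, PLC, "tcp", "PA"))
        if kind == "baseline":
            continue
        for i in range(2000):
            t = s + i / 2000
            if kind == "spoof":
                src = "198.51.100.%d" % rng.randrange(1, 255)
            else:
                src = "192.0.2.7"
            proto, flags = {"tcp": ("tcp", "A"), "syn": ("tcp", "S"),
                            "spoof": ("tcp", "S"), "udp": ("udp", ""),
                            "icmp": ("icmp", "")}[kind]
            pkts.append((t, src, PLC, proto, flags))
    return pkts


def window_features(pkts):
    """Per-window features: packet rate, protocol mix, SYN share and the
    entropy of source addresses (high when sources are spoofed per packet)."""
    wins = defaultdict(list)
    for p in pkts:
        wins[int(p[0] // WINDOW)].append(p)
    feats = []
    for w in sorted(wins):
        ps = wins[w]
        n = len(ps)
        proto = Counter(p[3] for p in ps)
        syn = sum(1 for p in ps if p[3] == "tcp" and p[4] == "S")
        srcs = Counter(p[1] for p in ps)
        entropy = -sum(c / n * math.log2(c / n) for c in srcs.values())
        feats.append({"pps": n / WINDOW, "udp": proto["udp"] / n,
                      "icmp": proto["icmp"] / n, "syn": syn / n,
                      "src_entropy": entropy})
    return feats


def fit_baseline(feats):
    """Mean and standard deviation of the no-attack packet rate."""
    pps = [f["pps"] for f in feats]
    mean = sum(pps) / len(pps)
    std = math.sqrt(sum((x - mean) ** 2 for x in pps) / len(pps))
    return {"mean": mean, "std": std}


def classify(feat, base, k=5.0):
    """Hand-written decision rules standing in for the paper's learned
    decision tree; every threshold is an assumption for this synthetic data."""
    # max(std, 1.0) keeps the rate test usable when the baseline has zero variance
    if feat["pps"] <= base["mean"] + k * max(base["std"], 1.0):
        return "baseline"
    if feat["src_entropy"] > 4.0:     # more than ~16 evenly used sources
        return "ip_spoofing"
    if feat["icmp"] > 0.5:
        return "icmp_flood"
    if feat["udp"] > 0.5:
        return "udp_flood"
    if feat["syn"] > 0.5:
        return "syn_flood"
    return "tcp_flood"


EXPECTED = {"baseline": "baseline", "tcp": "tcp_flood", "udp": "udp_flood",
            "syn": "syn_flood", "spoof": "ip_spoofing", "icmp": "icmp_flood"}


def run_scenarios():
    """Majority label per scenario after fitting on the baseline capture."""
    base = fit_baseline(window_features(synth_scenario("baseline")))
    result = {}
    for kind in EXPECTED:
        labels = [classify(f, base) for f in window_features(synth_scenario(kind))]
        result[kind] = Counter(labels).most_common(1)[0][0]
    return result


def window_accuracy():
    """Fraction of all windows labelled correctly (the metric the paper reports)."""
    base = fit_baseline(window_features(synth_scenario("baseline")))
    hits = total = 0
    for kind, want in EXPECTED.items():
        for f in window_features(synth_scenario(kind)):
            total += 1
            hits += int(classify(f, base) == want)
    return hits / total


if __name__ == "__main__":
    print(run_scenarios(), window_accuracy())
```

Source-address entropy is the feature to watch in a SCADA network: the legitimate population of talkers is tiny and static (a handful of HMIs and historians polling PLCs), so a window with dozens of previously unseen sources is itself an alarm, and a per-source rate limiter, which is the usual first response to a flood, does nothing against an attacker who spoofs a fresh address on every packet.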